Mahmood Mohammed

Reputation: 187

How to redirect page if id not related to session id in PHP

I am working on a holiday package admin project where travel agents sign up and submit their packages from a dashboard. I am saving agent data in the agent_register table and package data in the holidays table. When an agent signs up to the dashboard, I show only the packages which he submitted. Here is the code.

<?php
// Cast to int so the value interpolated into the query below can only be a number
$agent = (int) $session['id'];

$sql = "select * from holidays where agent_id = $agent";
$i = 1;

$res = $mysqli->query($sql);

if( mysqli_num_rows($res) > 0) {
    while($row = mysqli_fetch_array($res))
    {
    ?>

    <tr>
      <td><?php echo $i++; ?></td>
      <td><?php echo $row["pkg_title"]; ?></td>
      <td><?php echo $row["pkg_id"]; ?></td>
      <td><?php echo $row["pkg_type"]; ?></td>
      <td><?php echo $row["country"]; ?></td>
      <td><?php echo $row["nights"]; ?>N / <?php echo $row["days"]; ?>D</td>
      <td><?php echo "<a href='edit-holiday-package?id=".$row['id']."&&".$row['pkg_title']."&&".$row['pkg_theme']." ' class='icon-edit'><i class='fa fa-edit' data-toggle='tooltip' title='Edit'></i></a>
      &nbsp;&nbsp;<a href='delete-holiday-package?id=$row[id]' class='icon-delete' onclick='return confirmDelete();'><i class='fa fa-trash' data-toggle='tooltip' title='Delete'></i></a>" ?></td>
    </tr>

    <?php                                             
    }
}
?>

If he wants to edit the page, I show the page with the holiday's id. The URL is something like this.

edit.php?id=2

If I change the id number in the URL from 2 to 5 or 6, the page shows packages which are not related to that agent. What I need is that when we change the id manually in the address bar, the page redirects to 404 or the home page. Please help me. Here is my edit page code.

// Cast to int so the URL value cannot change the SQL text
$id = (int) $_GET['id'];

$sql = "select * from `holidays` where `id` ='$id'";
$res = $mysqli->query($sql);
$rec = mysqli_fetch_array($res);

Upvotes: 0

Views: 59

Answers (1)

am05mhz

Reputation: 2875

You could use:

$agent = $_SESSION['id'];
$id = $_GET['id'];
if ($agent != $id) {
    //redirect to somewhere else
}

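where $_SESSION['id'] was set when the agent was logged in

Sorry, misread your question; you can try this instead:

// Cast both values to int so neither the session nor the URL can alter the SQL
$agent = (int) $_SESSION['id'];
$id = (int) $_GET['id'];
// Only rows that belong to the logged-in agent match
$sql = "select * from `holidays` where `id` ='$id' and `agent_id` = '$agent'";

Then redirect to somewhere else if the result is 0.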

Upvotes: 1
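
The ownership check from the answer, written out as an added example (not code from the question or the answer). It assumes PHP 8 with the pdo_sqlite extension: an in-memory SQLite database stands in for the MySQL connection so the script runs offline, and the helper name find_owned_package and the sample rows are constructed for illustration.

```php
<?php
// Added example: ownership-scoped lookup for the edit page.
// Assumption: PDO with in-memory SQLite replaces the page's mysqli connection;
// the same SQL works unchanged with a mysqli prepared statement.
declare(strict_types=1);

// Hypothetical helper (not from the page): returns the row only if it belongs to $agentId.
function find_owned_package(PDO $db, int $agentId, mixed $rawId): ?array
{
    // Reject anything that is not a positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bound parameters: the id from the URL never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT * FROM holidays WHERE id = :id AND agent_id = :agent');
    $stmt->execute([':id' => $id, ':agent' => $agentId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data: agent 1 owns package 2, agent 7 owns package 5.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE holidays (id INTEGER PRIMARY KEY, agent_id INTEGER, pkg_title TEXT)');
$db->exec("INSERT INTO holidays VALUES (2, 1, 'Goa Beach Escape'), (5, 7, 'Alpine Week')");

$agent = 1; // in the real page: the id stored in the session at login
foreach (['2', '5', '999', "2' OR '1'='1", ''] as $requested) {
    $rec = find_owned_package($db, $agent, $requested);
    if ($rec === null) {
        // In the real page: http_response_code(404); exit; before any output is sent.
        // "Not yours" and "does not exist" get the same response, so ids cannot be probed.
        printf("id=%-14s -> 404\n", var_export($requested, true));
        continue;
    }
    printf("id=%-14s -> edit form for %s\n", var_export($requested, true),
        htmlspecialchars($rec['pkg_title'], ENT_QUOTES, 'UTF-8'));
}
```

The delete-holiday-package link in the question takes the same id parameter, so its handler needs the same agent_id condition.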
