<?phpini_set("session.save_path", "/home/unn_w16004164/sessionData");session

1. <?php
2. ini_set("session.save_path", "/home/unn_w16004164/sessionData");
3. session_start();
4. ?>
5. <!doctype html>
6. <html lang="en">
7. <head>
8. <meta charset="UTF-8" />
9. <title>Retrieve records from the fine_feedback table</title>
10. </head>
11. <body>
12. <?php
13. echo "<ul>
14. <li><a href='chooseRecords.php'>Home</a></li>";
15. if(isset($_SESSION['logged-in']) && ($_SESSION['logged-in'] == true)){
16.  
17. echo"<li><a href ='logout.php'>Log out</a></li>";
18. } else{
19.  
20. echo "<li><a href ='loginForm.html'>Log in</a></li>";
21.  
22. }
23. echo"</ul>";
24.  
25.  
26.  
27.  
28. if(isset($_SESSION['logged-in']) && $_SESSION['logged-in'] == true){
29. try {
30.  
31. require_once("functions.php");
32. $dbConn = getConnection();
33.  
34. $selectSQL = "SELECT recordID, recordTitle, recordYear, recordPrice, catDesc FROM nmc_records
35. INNER JOIN nmc_publisher
36. ON nmc_records.pubID = nmc_publisher.pubID
37. INNER JOIN nmc_category
38. ON nmc_records.catID = nmc_category.catID
39. ORDER BY recordTitle";
40.  
41. $stmt = $dbConn->query($selectSQL);
42.  
43. // Now you can loop through the record set as usual
44. while ($rowObj = $stmt->fetchObject()) {
45.  
46. $rowObj->recordTitle = filter_var($rowObj->recordTitle, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
47. $rowObj->recordTitle = filter_var($rowObj->recordTitle, FILTER_SANITIZE_SPECIAL_CHARS);
48.  
49. $rowObj->recordYear = filter_var($rowObj->recordYear, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
50. $rowObj->recordYear = filter_var($rowObj->recordYear, FILTER_SANITIZE_SPECIAL_CHARS);
51.  
52. $rowObj->recordPrice = filter_var($rowObj->recordPrice, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
53. $rowObj->recordPrice = filter_var($rowObj->recordPrice, FILTER_SANITIZE_SPECIAL_CHARS);
54.  
55. $rowObj->catDesc = filter_var($rowObj->catDesc, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
56. $rowObj->catDesc = filter_var($rowObj->catDesc, FILTER_SANITIZE_SPECIAL_CHARS);
57.  
58. echo "<div class='div record'>
59.  
60. <span class='title'><a href='editRecords.php?recordID={$rowObj->recordID}'>{$rowObj->recordTitle}</a></span>
61. <span class ='recordYear'>{$rowObj->recordYear}</span>\n
62. <span class ='catDesc'>{$rowObj->catDesc}</span>\n
63. <span class ='recordPrice'>{$rowObj->recordPrice}</span>\n
64.  
65. </div>\n";
66. }
67.  
68. }
69. catch (Exception $e) {
70. echo "Records not found: " . $e->getMessage();
71. }
72. } else{
73. echo "<p> Access denied, please log in</p>";
74. }
75. ?>
76.  
77. </body>
78. </html>