Selecting and Deselecting Gifts

Users add gifts to their shopping list or remove them by clicking on links in the list.php page. The links call the action.php script with the gift ID and the action parameter set to add or remove. For add, the script attempts to reserve the gift with the specified gift_id for the current guest. Similarly, for remove, the script attempts to remove the gift with the specified gift_id from the current guest’s shopping list. The user is identified by the username session variable ($_SESSION['username']).

The script checks that the user is authenticated using the logincheck() function and that the URL requested by the browser includes attributes and values in a query string. As discussed earlier, the query-string attributes can be accessed as elements of the $_GET superglobal array. The action.php script first cleans the values in $_GET['gift_id'] and $_GET['action'] and assigns them to the variables $gift_id and $action:

<?php
  // action.php: Add or remove a gift from the user's shopping list

  // Include database parameters and related functions
  require_once("db.php");

  // Check if the user is logged in
  // (this also starts the session)
  logincheck();

  // Secure the user data
  if(count($_GET))
  {
    // Connect to the MySQL DBMS and use the wedding database
    // - credentials are in the file db.php
    if(!($connection= @ mysqli_connect(
       $DB_hostname, $DB_username, $DB_password, $DB_databasename)))
       showerror($connection);

    $gift_id = clean($_GET['gift_id'], 5);
    $action ...
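
The clean() function comes from db.php and is not shown in this excerpt. The following added example (not the book's code) shows one strict way to validate the same two query-string parameters before they reach any SQL. The function name parse_gift_request() is hypothetical, and reading the second argument of clean() as a maximum length of 5 characters is an assumption.

```php
<?php
// Added example, not the book's code: strict validation of the two
// query-string parameters that action.php reads.

// Hypothetical helper: returns [int $gift_id, string $action] or throws.
function parse_gift_request(array $get): array
{
    // Allowlist: the page names exactly two actions.
    $allowed = ['add', 'remove'];

    $action = $get['action'] ?? null;
    // action[]=add arrives as an array, so require a string first.
    if (!is_string($action) || !in_array($action, $allowed, true)) {
        throw new InvalidArgumentException('action must be add or remove');
    }

    $raw = $get['gift_id'] ?? null;
    // Digits only, at most 5 characters (assumed meaning of clean(..., 5)).
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,5}\z/', $raw)) {
        throw new InvalidArgumentException('gift_id must be 1-5 digits');
    }

    return [(int) $raw, $action];
}

// Constructed sample query strings, parsed the way PHP fills $_GET.
$samples = [
    'gift_id=12&action=add',
    'gift_id=12&action=delete',    // unknown action
    'gift_id=12abc&action=add',    // trailing non-digit characters
    'gift_id[]=12&action=remove',  // array instead of scalar
    'action=add',                  // gift_id missing
    'gift_id=123456&action=add',   // longer than 5 characters
];

foreach ($samples as $qs) {
    parse_str($qs, $get);
    try {
        [$gift_id, $action] = parse_gift_request($get);
        echo "$qs => accept: $action gift $gift_id\n";
    } catch (InvalidArgumentException $e) {
        echo "$qs => reject: {$e->getMessage()}\n";
    }
}
```

Rejecting malformed input outright, rather than trimming it into shape, means a request either carries a well-formed gift ID and a known action or never reaches the database code.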
