minor amends lab 7 code

lab-7/music-store-app/includes/functions.php

+<?php
+
+/* 	Helper functions. 
+	Include once from index.php */
+
+/* define a function to sanitise user input 
+(this would ideally be in includes folder)
+helps protect against XSS */
+function clean_input($data) {
+  $data = trim($data); // strips unnecessary characters from beginning/end
+  $data = stripslashes($data); // remove backslashes
+  $data = htmlspecialchars($data); // replace special characters with HTML entities
+  return $data;
+}
+
+?>

lab-7/music-store-app/index.php

@@ -9,6 +9,9 @@ include "templates/nav.html";
 // open a new MySQL database connection
 require "includes/db_connect.php";
 
+// require the helper functions script
+require "includes/functions.php";
+
 // check if 'page' parameter is set in query string
 if (isset($_GET['page'])) {
 	$page = $_GET['page']; // if so, set page variable to value of 'page' parameter
@@ -31,7 +34,7 @@ case 'album' :
 	include 'views/album.php';
 	break;
 case 'add-track' :
-	include 'views/add-track.php';
+	include 'views/add-track-insecure.php';
 	break;
 default :
 	include 'views/404.php';

lab-7/music-store-app/views/add-track.php

@@ -52,14 +52,6 @@ $content .= $form_html;
 
 // ------- START form processing code... -------
 
-// define a function to sanitise user input (this would ideally be in includes folder)
-// helps protect against XSS
-function clean_input($data) {
-  $data = trim($data); // strips unnecessary characters from beginning/end
-  $data = stripslashes($data); // remove backslashes
-  $data = htmlspecialchars($data); // replace special characters with HTML entities
-  return $data;
-}
 
 // define variables and set to empty values
 $title = $artist_id = $price = $year = $genre = "";