Fatal编程技术网
  • php/
  • ECHO插入PHP代码

ECHO插入PHP代码

php mysql

ECHO插入PHP代码,php,mysql,Php,Mysql,代码行如下所示: if ( !$_SESSION['user_id'] ) { echo '<META HTTP-EQUIV="Refresh" Content="0; URL=login.php">'; } else { $user_id = intval($_SESSION['user_id']); $sql_query = @mysql_query("SELECT * FROM members WHERE id='{$user_id}'");

代码行如下所示:

if ( !$_SESSION['user_id'] )
{ 
    echo '<META HTTP-EQUIV="Refresh" Content="0; URL=login.php">';
}
else
{
    $user_id = intval($_SESSION['user_id']);
    $sql_query = @mysql_query("SELECT * FROM members WHERE id='{$user_id}'");
    $member = @mysql_fetch_array( $sql_query ); 
    echo "<div class='header-trang'><center>
        Xin chào {$member['username']} [<a href='thoat.php'>Logout</a>] <a class='button tiny' href='suathongtin.php'>Edit</a>"; 
    if ($member['admin']=="1")  
        echo "
         <a class='button tiny disabled' href='#admin.php'>Admin panel</a>";
            include "connect.php";
            mysql_query("SET NAMES 'utf8'");
            $i = "SELECT baiviet.noidungID, duan.duanName, menu.menuName, baiviet.tieude, baiviet.noidung, baiviet.date,menu.menuID, duan.duanID FROM baiviet LEFT JOIN menu ON baiviet.menuID=menu.menuID LEFT JOIN duan ON baiviet.duanID=duan.duanID ORDER BY duan.duanName DESC";
            $h = mysql_query($i);
            while($tr=mysql_fetch_array($h)) {
            $title = substr(strip_tags($tr[4]),0,100);
echo "<tr id='list-tin'>
        <td id='td-land'>
        <span class='secondary label'>".$tr[0]."</span>
        <span class='label'>".$tr[1]."</span>
        <span class='warning label'>".$tr[2]."</span>
        </td>
        <td id='td-land'>
        <a target='_blank' href='../view.php?id=".$tr[0]."'>".$tr[3]."</a></td>
        <td id='td-land'>
<a id='".$tr[0]."' class='delete_button label button alert'/>XÓA</a>
<a href='edit.php?id=".$tr[0]."' class='label button success'/>SỬA</a></td>
</tr>";}
当我使用这段代码时,如果用户名不是Admin,仍然可以看到数组列表mysql。 如何限制只有管理员才能查看mysql数组列表?

if语句需要{}个大括号。否则,它只在其true语句中包含它后面的第一行,其余的将正常执行:

if ($member['admin']=="1") {
    echo 'This line is conditional';
    echo 'And so is this.';
}
echo 'This line will always be executed.';
vs

::在此处插入强制性mysql_*函数弃用和SQL注入风险通知::@Robert如果这确实帮助您接受此答案,则答案左侧的复选标记为postWhy on the earth Why some down vote this…?@Robert学习如何接受已解决代码问题的答案,访问Stack的Meta部分=>@scrowler的下一页,到底为什么有人否决了这个…?-我不知道。I+1 
if ($member['admin']=="1")
    echo 'This line is conditional';
    echo 'This line will always be executed';