ECHO插入PHP代码
代码行如下所示:ECHO插入PHP代码,php,mysql,Php,Mysql,代码行如下所示: if ( !$_SESSION['user_id'] ) { echo '<META HTTP-EQUIV="Refresh" Content="0; URL=login.php">'; } else { $user_id = intval($_SESSION['user_id']); $sql_query = @mysql_query("SELECT * FROM members WHERE id='{$user_id}'");
if ( !$_SESSION['user_id'] )
{
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=login.php">';
}
else
{
$user_id = intval($_SESSION['user_id']);
$sql_query = @mysql_query("SELECT * FROM members WHERE id='{$user_id}'");
$member = @mysql_fetch_array( $sql_query );
echo "<div class='header-trang'><center>
Xin chào {$member['username']} [<a href='thoat.php'>Logout</a>] <a class='button tiny' href='suathongtin.php'>Edit</a>";
if ($member['admin']=="1")
echo "
<a class='button tiny disabled' href='#admin.php'>Admin panel</a>";
include "connect.php";
mysql_query("SET NAMES 'utf8'");
$i = "SELECT baiviet.noidungID, duan.duanName, menu.menuName, baiviet.tieude, baiviet.noidung, baiviet.date,menu.menuID, duan.duanID FROM baiviet LEFT JOIN menu ON baiviet.menuID=menu.menuID LEFT JOIN duan ON baiviet.duanID=duan.duanID ORDER BY duan.duanName DESC";
$h = mysql_query($i);
while($tr=mysql_fetch_array($h)) {
$title = substr(strip_tags($tr[4]),0,100);
echo "<tr id='list-tin'>
<td id='td-land'>
<span class='secondary label'>".$tr[0]."</span>
<span class='label'>".$tr[1]."</span>
<span class='warning label'>".$tr[2]."</span>
</td>
<td id='td-land'>
<a target='_blank' href='../view.php?id=".$tr[0]."'>".$tr[3]."</a></td>
<td id='td-land'>
<a id='".$tr[0]."' class='delete_button label button alert'/>XÓA</a>
<a href='edit.php?id=".$tr[0]."' class='label button success'/>SỬA</a></td>
</tr>";}
当我使用这段代码时,如果用户名不是Admin,仍然可以看到数组列表mysql。
如何限制只有管理员才能查看mysql数组列表?if语句需要{}个大括号。否则,它只在其true语句中包含它后面的第一行,其余的将正常执行:
if ($member['admin']=="1") {
echo 'This line is conditional';
echo 'And so is this.';
}
echo 'This line will always be executed.';
vs
::在此处插入强制性mysql_*函数弃用和SQL注入风险通知::@Robert如果这确实帮助您接受此答案,则答案左侧的复选标记为postWhy on the earth Why some down vote this…?@Robert学习如何接受已解决代码问题的答案,访问Stack的Meta部分=>@scrowler的下一页,到底为什么有人否决了这个…?-我不知道。I+1
if ($member['admin']=="1")
echo 'This line is conditional';
echo 'This line will always be executed';