I have this code, which has to filter on admin rights; I even made a double check. But it doesn't seem to work.
Code:
<?php
include("db.php");
$result=mysql_query("SELECT * FROM members where admin='true' AND admincheck='1'");
while($test = mysql_fetch_array($result)) {
echo"<li><a href='archief.php'><span>archief</span></a></li>";
}
mysql_close($conn);
?>
Database:
CREATE TABLE `members` (
`member_id` int(11) unsigned NOT NULL,
`admin` varchar(5) NOT NULL default 'false',
`admincheck` int(1) NOT NULL default '0',
`firstname` varchar(100) default NULL,
`lastname` varchar(100) default NULL,
`mail` varchar(150) NOT NULL,
`login` varchar(100) NOT NULL default '',
`passwd` varchar(32) NOT NULL default '',
PRIMARY KEY (`member_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
INSERT INTO `members` (`member_id`, `admin`, `admincheck`, `firstname`, `lastname`, `mail`, `login`, `passwd`) VALUES
(607, 'true', 1, '---', '----', '---', '---', '---'),
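Answer 0 (score: 1)
You need to put the ID of the currently logged-in member into the query, so assuming you store the logged-in user in the session: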
$member_id = (int)$_SESSION['member_id'];
$result=mysql_query("SELECT * FROM members where member_id = '$member_id' AND admin='true' AND admincheck='1' LIMIT 1");
if($result && mysql_num_rows($result) == 1)
{
// user is an admin, show secret links
echo "<li><a href='archief.php'><span>archief</span></a></li>";
}
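The difference between the question's unscoped query and the member-scoped check from the answer, as an added example that is not part of the original question or answer. It uses PDO with a bound parameter (the `mysql_*` extension was removed in PHP 7) and a constructed in-memory SQLite copy of the `members` table; the function names and the sample rows 608 and 609 are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// The question's query: not tied to the visitor, so it is true for everyone once any admin row exists.
function any_admin_exists(PDO $pdo): bool
{
    $sql = "SELECT 1 FROM members WHERE admin = 'true' AND admincheck = 1 LIMIT 1";
    return $pdo->query($sql)->fetchColumn() !== false;
}

// Scoped check (hypothetical helper): true only if this member's own row carries both flags.
function is_admin(PDO $pdo, ?int $memberId): bool
{
    if ($memberId === null || $memberId <= 0) {
        return false; // nobody logged in: never an admin
    }
    $stmt = $pdo->prepare(
        "SELECT 1 FROM members
          WHERE member_id = :id AND admin = 'true' AND admincheck = 1
          LIMIT 1"
    );
    $stmt->execute([':id' => $memberId]);
    return $stmt->fetchColumn() !== false;
}

// Constructed in-memory database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE members (
    member_id INTEGER PRIMARY KEY,
    admin VARCHAR(5) NOT NULL DEFAULT 'false',
    admincheck INTEGER NOT NULL DEFAULT 0,
    login VARCHAR(100) NOT NULL DEFAULT ''
)");
$pdo->exec("INSERT INTO members (member_id, admin, admincheck, login) VALUES
    (607, 'true', 1, 'admin-user'),
    (608, 'false', 0, 'regular-user'),
    (609, 'true', 0, 'half-flagged')");

// Simulate three logged-in sessions plus a visitor with no session.
foreach ([607, 608, 609, null] as $sessionMemberId) {
    $label = $sessionMemberId ?? 'anonymous';
    $unscoped = any_admin_exists($pdo) ? 'link shown' : 'link hidden';
    $scoped = is_admin($pdo, $sessionMemberId) ? 'link shown' : 'link hidden';
    echo "$label: unscoped query => $unscoped, scoped check => $scoped\n";
}
```

Hiding the menu link does not restrict `archief.php` itself, so that page should run the same member-scoped check at the top before producing any output.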