我正在尝试为我的网站制作一个新闻页面,以确保用户是数据库中的所有者排名,它有效,但是当我改变我的排名时,你仍然可以看到应该显示的消息你是正确的等级。
新闻页面的代码
<?php
require_once('appvars.php');
require_once('connectvars.php');
// Make sure the user is logged in before going any further.
if (!isset($_SESSION['user_id'])) {
echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>';
exit();
}
else {
echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '. <a href="logout.php">Log out</a>.</p>');
}
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Grab the profile data from the database
if (!isset($_GET['user_id'])) {
$query = "SELECT rank FROM kaoscraft_user WHERE user_id = '" . $_SESSION['user_id'] . "'";
}
else {
$query = "SELECT rank FROM kaoscraft_user WHERE user_id = '" . $_GET['user_id'] . "'";
}
$data = mysqli_query($dbc, $query);
if (!$row['rank'] = 'Owner') {
echo 'Youre not logged in';
}
else {
echo 'Welcome';
}
mysqli_close($dbc);
?>
答案 0 :(得分:3)
if (!$row['rank'] = 'Owner')
这是一项任务,而非平等检查。使用==进行相等性检查。更改后,您必须实际设置$row的值。
$data = mysqli_query($dbc, $query);
$row = $data->fetch_assoc();
if (!isset($row['rank']) || !$row['rank'] == 'Owner') {
echo 'Youre not logged in';
}
else {
echo 'Welcome';
}