Question

代码行是这样的：

if ( !$_SESSION['user_id'] )
{ 
    echo '<META HTTP-EQUIV="Refresh" Content="0; URL=login.php">';
}
else
{
    $user_id = intval($_SESSION['user_id']);
    $sql_query = @mysql_query("SELECT * FROM members WHERE id='{$user_id}'");
    $member = @mysql_fetch_array( $sql_query ); 
    echo "<div class='header-trang'><center>
        Xin chào {$member['username']} [<a href='thoat.php'>Logout</a>] <a class='button tiny' href='suathongtin.php'>Edit</a>"; 
    if ($member['admin']=="1")  
        echo "
         <a class='button tiny disabled' href='#admin.php'>Admin panel</a>";
            include "connect.php";
            mysql_query("SET NAMES 'utf8'");
            $i = "SELECT baiviet.noidungID, duan.duanName, menu.menuName, baiviet.tieude, baiviet.noidung, baiviet.date,menu.menuID, duan.duanID FROM baiviet LEFT JOIN menu ON baiviet.menuID=menu.menuID LEFT JOIN duan ON baiviet.duanID=duan.duanID ORDER BY duan.duanName DESC";
            $h = mysql_query($i);
            while($tr=mysql_fetch_array($h)) {
            $title = substr(strip_tags($tr[4]),0,100);
echo "<tr id='list-tin'>
        <td id='td-land'>
        <span class='secondary label'>".$tr[0]."</span>
        <span class='label'>".$tr[1]."</span>
        <span class='warning label'>".$tr[2]."</span>
        </td>
        <td id='td-land'>
        <a target='_blank' href='../view.php?id=".$tr[0]."'>".$tr[3]."</a></td>
        <td id='td-land'>
<a id='".$tr[0]."' class='delete_button label button alert'/>XÓA</a>
<a href='edit.php?id=".$tr[0]."' class='label button success'/>SỬA</a></td>
</tr>";}

当我使用此代码时，如果用户名不是Admin，仍然可以看到数组列表mysql。我怎样才能限制只有管理员才能看到mysql数组列表？

Answer 1

if语句需要{}个大括号。否则它只包括其后面的第一行＆＃34; true＆＃34;陈述，其余的将按正常方式执行：

if ($member['admin']=="1") {
    echo 'This line is conditional';
    echo 'And so is this.';
}
echo 'This line will always be executed.';

VS

if ($member['admin']=="1")
    echo 'This line is conditional';
    echo 'This line will always be executed';

ECHO INSERT PHP代码

1 个答案: