如果用户名是admin,如何允许删除。
我想允许只删除管理员删除记录 请帮我解决这个问题,谢谢......
session.php文件
<?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "root", "");
// Selecting Database
$db = mysql_select_db("dsrs", $connection);
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysql_query("select username from admin where username='$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql);
$login_session =$row['username'];
if(!isset($login_session)){
mysql_close($connection); // Closing Connection
header('Location: index.php'); // Redirecting To Home Page
}
?>
DELETE.PHP
<?php
/*
DELETE.PHP
Deletes a specific entry from the 'drivers' table
*/
include('session.php');
// connect to the database
include('connect-db.php');
// check if the 'id' variable is set in URL, and check that it is valid
if (isset($_GET['id']) && is_numeric($_GET['id']))
{
// get id value
$id = $_GET['id'];
// delete the entry
$result = mysql_query("DELETE FROM admission WHERE id=$id")
or die(mysql_error());
echo "<center>Delete.!</center>";
}
?>
答案 0 :(得分:1)
您想要的是仅允许admin用户删除指定的ID。
我不知道你如何将用户设置为“管理员”,但这个伪代码将为您提供一般要点。
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
// get id value
$id = $_GET['id'];
// delete the entry if admin
if($_SESSION['username'] == 'admin') {
$result = mysql_query("DELETE FROM admission WHERE id=$id") or die(mysql_error());
echo "<center>Delete.!</center>";
}
}
我不知道你在会话中存储了什么用户名,所以你需要改变它。
我建议您停止使用mysql_*库,因为它已被弃用。您应该查看PDO和/或MySQLi Prepared Statements。