如果用户是php的管理员,如何允许删除

时间:2015-03-04 03:26:25

标签: php mysql

如果用户名是admin,如何允许删除。

我想允许只删除管理员删除记录 请帮我解决这个问题,谢谢......

session.php文件

<?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "root", "");
// Selecting Database
$db = mysql_select_db("dsrs", $connection);
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysql_query("select username from admin where username='$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql);
$login_session =$row['username'];
if(!isset($login_session)){
mysql_close($connection); // Closing Connection
header('Location: index.php'); // Redirecting To Home Page
}
?>

DELETE.PHP

<?php
/* 
 DELETE.PHP
 Deletes a specific entry from the 'drivers' table
*/

include('session.php');

 // connect to the database
 include('connect-db.php');

 // check if the 'id' variable is set in URL, and check that it is valid
 if (isset($_GET['id']) && is_numeric($_GET['id']))
 {
 // get id value
 $id = $_GET['id'];

 // delete the entry
 $result = mysql_query("DELETE FROM admission WHERE id=$id")
 or die(mysql_error()); 
 echo "<center>Delete.!</center>";
 }
?>

1 个答案:

答案 0 :(得分:1)

您想要的是仅允许admin用户删除指定的ID。 我不知道你如何将用户设置为“管理员”,但这个伪代码将为您提供一般要点。

if (isset($_GET['id']) && is_numeric($_GET['id'])) {
    // get id value
    $id = $_GET['id'];

    // delete the entry if admin
    if($_SESSION['username'] == 'admin') {
        $result = mysql_query("DELETE FROM admission WHERE id=$id") or die(mysql_error()); 
        echo "<center>Delete.!</center>";
    }
 }

我不知道你在会话中存储了什么用户名,所以你需要改变它。


我建议您停止使用mysql_*库,因为它已被弃用。您应该查看PDO和/或MySQLi Prepared Statements