我正在学习,所以我想问一下在PHP代码中关闭IF的正确方法:
以下是页面末尾的示例一
<?php
session_start();
$identification = $_SESSION['session_name'];
include 'inc/database.php';
$query = "SELECT * FROM `members` WHERE `username` = '$identification' LIMIT 1";
$result = mysqli_query($database, $query);
$user_info = mysqli_fetch_array($result, MYSQLI_ASSOC);
$user_level = $user_info["privs"];
if ($user_level=='ADMIN'){}
else {
header('Location: security.php?error=missing correct privileges. user is not admin');
exit();
?>
<html>
<head>
<title>Zona de Pruebas</title>
</head>
<body>
Username: <?php echo $user_info['username']?>, can be here because is admin</div>
</body>
</html>
<?php
}
mysqli_free_result($result);
mysqli_close($database);
?>
以下是HTML正文
之前的示例二<?php
session_start();
$identification = $_SESSION['session_name'];
include 'inc/database.php';
$query = "SELECT * FROM `members` WHERE `username` = '$identification' LIMIT 1";
$result = mysqli_query($database, $query);
$user_info = mysqli_fetch_array($result, MYSQLI_ASSOC);
$user_level = $user_info["privs"];
if ($user_level=='ADMIN'){}
else {
header('Location: security.php?error=missing correct privileges. user is not admin');
exit();
}
mysqli_free_result($result);
mysqli_close($database);
?>
<html>
<head>
<title>Zona de Pruebas</title>
</head>
<body>
Username: <?php echo $user_info['username']?>, can be here because is admin</div>
</body>
</html>
什么是正确的方法?在顶部还是在结尾?使用免费结果和关闭数据库连接是个好主意吗?这是正确的方法吗?我在尝试学习。
答案 0 :(得分:0)
你是说这个吗?
<?php
session_start();
$identification = $_SESSION['session_name'];
include 'inc/database.php';
$query = "SELECT * FROM `members` WHERE `username` = '" . $identification . "' LIMIT 1";
$result = mysqli_query($database, $query);
$user_info = mysqli_fetch_array($result, MYSQLI_ASSOC);
//Close your connection here, you dont need it anymore.
mysqli_free_result($result);
mysqli_close($database);
$user_level = $user_info["privs"];
//If $user_level is not equal to 'ADMIN'
if ($user_level != 'ADMIN'){
header('Location: security.php?error=missing correct privileges. user is not admin');
exit();
?>
<html>
<head>
<title>Zona de Pruebas</title>
</head>
<body>
Username: <?php echo $user_info['username']?>, can be here because is admin</div>
</body>
</html>
//End the If
<?php } ?>
我建议将你的html代码放在一个php文件中并像这样调用它:
include('view/myView.php');
所有变量都将传递给这个单独的文件。
所以看起来像这样:
<?php
session_start();
$identification = $_SESSION['session_name'];
include 'inc/database.php';
$query = "SELECT * FROM `members` WHERE `username` = '" . $identification ."' LIMIT 1";
$result = mysqli_query($database, $query);
$user_info = mysqli_fetch_array($result, MYSQLI_ASSOC);
//Close your connection here, you dont need it anymore.
mysqli_free_result($result);
mysqli_close($database);
$user_level = $user_info["privs"];
//If $user_level is not equal to 'ADMIN'
if ($user_level != 'ADMIN'){
header('Location: security.php?error=missing correct privileges. user is not admin');
exit();
include('view/myView.php');
//End the If
} ?>
myView.php
<html>
<head>
<title>Zona de Pruebas</title>
</head>
<body>
Username: <?php echo $user_info['username']?>, can be here because is admin</div>
</body>
</html>
看起来更干净。或者是security.php中的HTML?如果是这样,那么你就不需要包括。