如何检测用户是admin还是customer?下面显示的代码有一个if else语句,这被认为是错误的,因为我不知道它的代码是什么,你能帮我吗?我想检查$confirmation变量。如果包含1,则用户将进入管理页面。如果没有,则转到客户页面。我该怎么做呢?顺便说一句,if是管理员,然后第一个else是if else语句中的客户。
<?php
session_start();
include("dbcon.php");
$username = $_POST['username'];
$password = $_POST['password'];
$qry="SELECT * FROM admininfo WHERE username='$username' AND password='$password'";
$result=mysql_query($qry);
if($result) {
if(mysql_num_rows($result) == 1) {
session_regenerate_id();
$user = mysql_fetch_assoc($result);
//$_SESSION['fname'] = $user['fname'];
//$_SESSION['lname'] = $user['lname'];
//$_SESSION['username'] = $user['username'];
//$_SESSION['password'] = $user['password'];
$_SESSION['confirmation'] = $user['confirmation'];
session_write_close();
header("Location:menu.php");
exit();
}else {
header("Location:menu1.php");
exit();
}
}else {
die("Query failed");
}
?>
您可以做的是为admininfo表添加另一个字段,并在这里声明用户是否为admin。例如,在admininfo中有状态字段,您的查询将是这样的(这只是一个示例):
$yourconnection=mysqli_connect("YourHost","YourUsername","YourPassword","NameOfYourDatabase");
if(mysqli_connect_errno()){
echo "Error".mysqli_connect_error();
}
$username = mysqli_real_escape_string($yourconnection,$_POST['username']); /* prevents a bit of SQL injection */
$password = mysqli_real_escape_string($yourconnection,$_POST['password']); /* prevents a bit of SQL injection */
$qry=mysqli_query($yourconnection,"SELECT * FROM admininfo WHERE username='$username' AND password='$password' AND status='customer'");
$qryadmin=mysqli_query($yourconnection,"SELECT * FROM admininfo WHERE username='$username' AND password='$password' AND status='administrator'");
if(mysqli_num_rows($qry)==1){
header("LOCATION:CustomerPage.php");
}
else if(mysqli_num_rows($qryadmin)==1){
header("LOCATION:AdminUserPage.php");
}
else {
echo "Error! No user found.";
}
并尝试使用MySQLi代替它的前身MySQL