<?php
ob_start();
include 'connection.php';
$user_id = $_POST ['user_id'];
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM Register WHERE username= '$username' AND Password = '$password' ";
$result = mysqli_query($connection, $query) or exit("Error in the query: $query. " . mysqli_error());
$row = mysqli_fetch_assoc($result);
if ($row ) {
$_SESSION['username'] = $username;
echo '' . $username . '';
&& ($row ) {
$_SESSION['user_id'] = 1;
header('Location: AdminPage.php');
}
else if ($row ) {
$_SESSION['username'] = $username;
echo '' . $username . '';
header('location:Login.php');
&& ($row ) {
$_SESSION['user_id'] = > 1;
header('Location: ProtectedPage.php');
}
?>
你能帮我解决这个代码的问题吗?我试图让它检测什么是用户,什么是管理员,然后把它引导到正确的页面。如果你在这里只是抱怨我的代码对sql注入有多脆弱,我真的不在乎,因为这是一个项目,我不要求它受到
很可能您正在寻找这样的东西:
if ( $row && is_array($row) && isset($row['username']) && isset($row['user_id'])) {
$_SESSION['username'] = $row['username'];
$_SESSION['user_id'] = $row['user_id'];
if ( 1==$row['user_id'] )
header('Location: AdminPage.php');
else
header('Location: ProtectedPage.php');
} else {
header('Location: Login.php');
}
这假设user_id存储在数据库中,user_id 1表示这是"管理员帐户"。