我试图将用户只能看到他/她自己的详细信息。我通过 URL 栏传递一个 PHP 变量,所以它只显示他们自己的信息,但是如果他们编辑 ID 号,他们可以查看其他人的详细信息吗?
我目前拥有的代码如下所示:
$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]);
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]);
include "../adminscripts/connect_to_mysql.php";
$sql = mysql_query("SELECT * FROM Users WHERE id='$managerID' AND username='$manager' AND password='$password' AND role='Student' LIMIT 1");
$existCount = mysql_num_rows($sql);
if ($existCount == 0) {
header("location: http://www.zuluirminger.com/SchoolAdmin/index.php");
exit();
}
?>
<?php
// Get a list of all items and display them in alphabetically
include "../adminscripts/connect_to_mysql.php";
//Check to see the URL variable exists in the database
$dynamicList = "";
if (isset($_GET['id'])) {
include "../adminscripts/connect_to_mysql.php";
$id = preg_replace('#[^0-9]#i', '', $_GET['id']);
***********************************************************************************
***********************************************************************************
// If the ID does not exist the display this message.
$sql = mysql_query("SELECT * FROM StudentAttendance WHERE StudentID='$id' ORDER BY AttendanceDate DESC");
$productCount = mysql_num_rows($sql);
if ($productCount > 0) {
while ($row = mysql_fetch_array($sql)) {
$AttendanceDate = $row["AttendanceDate"];
$AttendanceStatus = $row["AttendanceStatus"];
$Notes = $row["Notes"];
$dynamicList .= '<tr style="font-size:15px;">
<td>' . $AttendanceDate . '</td>
<td>' . $AttendanceStatus . '</td>
<td>' . $Notes . '</td>
</tr>';
}
} else {
$AttendanceDate = "nil";
$AttendanceStatus = "nil";
$Notes = "nil";
}
} else {
echo "Something is missing which means we can't display this page! Sorry for the inconvenience and please try again later!";
exit();
}
mysql_close();
?>
我尝试将以下 if 语句放在上面代码中放置星号的位置...
if ($id != $managerID) {
$id = $managerID;
}
但这似乎不起作用......我把它放在正确的地方了吗?据我所知,我使用了正确的变量?
任何帮助将不胜感激!