On the administrator logon page, common users can also log on
This post was last edited by yoshikis at 2014-09-18 11:55:57
I am teaching myself PHP and am currently writing a message board. While writing the admin.php code, I found that a common user's account can log on there, and I don't know what went wrong. My SQL statement selects from the admin table. Why can users in the user table log on when I select from the admin table? I don't understand; please answer.
admin.php code
<?php
error_reporting(0);
@session_start();
require_once 'Conn/conn.php';
$user_name = $_POST['name'];
$password = md5($_POST['password']);
$_SESSION['user_name'] = $user_name;
if (strlen($user_name) < 1) {
?>
Administrator login
<?php
}
else if (strlen($user_name) > 1) {
    $query = "select * from admin where user_name = ? and password = ?";
    // echo $query;
    // exit;
    $st = $db->prepare($query);
    $rs = $st->execute(array($user_name, $password));
    if ($rs = false)
    {
        echo "
<script>alert('login failed!'); window.location.href = 'admin.php'</script>
";
    }
    else
    {
        // echo "login successful!";
        echo "
<script>alert('Administrator login successful!'); window.location.href = 'admin_select_neirong.php'</script>
";
    }
}
?>
Table structure
Admin table
User table
------ Solution ----------------------
Two problems
1. $_SESSION['user_name'] = $user_name; this statement should be executed after logon.
2. Common users and administrators both use $_SESSION['user_name'] to determine whether someone is logged on, so all logon attempts as administrator are judged successful.
The administrator's logon should be saved as $_SESSION['admin_user_name'], and the administrator side should check $_SESSION['admin_user_name'] instead of $_SESSION['user_name'].
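
The two points of the answer, written out as an added example (not the poster's code): the session key is set only after the admin row has been verified, and admin pages check a separate key. It also decides the login from the fetched row, because PDOStatement::execute() returns true whenever the query runs, whether or not a row matched. Assumptions: $db is a PDO handle, an in-memory SQLite database with constructed rows stands in for Conn/conn.php, md5() is swapped for password_hash()/password_verify(), and the helper names admin_login and is_admin_session are hypothetical.

```php
<?php
// Added example. Assumes $db is PDO; the in-memory SQLite database and its
// rows are constructed sample data standing in for Conn/conn.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (user_name TEXT PRIMARY KEY, password TEXT)');
$ins = $db->prepare('INSERT INTO admin (user_name, password) VALUES (?, ?)');
$ins->execute(['root_admin', password_hash('constructed-secret', PASSWORD_DEFAULT)]);

// Returns true only when a row in the admin table matches the credentials.
function admin_login(PDO $db, string $name, string $password): bool
{
    $st = $db->prepare('SELECT password FROM admin WHERE user_name = ?');
    $st->execute([$name]);
    $row = $st->fetch(PDO::FETCH_ASSOC);    // false when no admin row matches
    // A successful execute() only means the query ran; the row decides the login.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);        // new session ID on privilege change
    }
    $_SESSION['admin_user_name'] = $name;   // set only after the check passed
    return true;
}

// Guard for admin-only pages: a user-side $_SESSION['user_name'] is not enough.
function is_admin_session(): bool
{
    return isset($_SESSION['admin_user_name']);
}

$_SESSION = ['user_name' => 'ordinary_user'];   // constructed: a logged-in common user
var_dump(is_admin_session());
var_dump(admin_login($db, 'ordinary_user', 'whatever'));
var_dump(admin_login($db, 'root_admin', 'constructed-secret'));
var_dump(is_admin_session());
```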