There is the following table:
With the following entries:
Accordingly, users who have the unit "admin" unit are administrators, with zero - no.
I check the code:
<?php require "auth.php"; $username = $_SESSION['login']; $admin = ("SELECT admin FROM loginparol WHERE login='$username'"); $result = $connection->query ($admin); if ($admin == 0) { header('Location: MainPage.php'); exit(); } if ($result->num_rows > 0) { while ($row = $result->fetch_assoc()) { echo $row["admin"]; //Сделал вывод, чтобы самому понимать, какое число в $admin передаётся, тут всё верно } } Verification does not work, sends to "MainPage.php" in general all without parsing. If you do not write "== 0", but "! = 1", then it does not work at all. I understand that the error is due to the fact that in the if I incorrectly write the condition. Tell me, please, how it will be right, I myself can not guess, I study php and SQL in the course of project development.
$admin- this is a query string and you compare it with0, of course it will be equal. Since it equates to typeint, which will be equal to0. And the injection is provided. Read about the requests being prepared. - Andif ($result->fetch_assoc()[0]["admin"] == 0) {and you need to add a check for the existence of this array, otherwise if there is no user at all - there will be an error. - Manitikyl 10:35 pm