mysql-PHP+MYSQL，我登陆之后，点击“注销”，为何会显示“非法访问”？

mysqlphp

<code>     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<h1>欢迎来到XXX网</h1>
<form method="post" action="<?php%20echo%20htmlspecialchars(%24_SERVER%5B" php_self>">               <span>邮箱：<input type="text" name="user_email"></span>    <span>密码：<input type="text" name="user_pass"></span>    <span>      <input type="submit" name="submit" value="登陆"></span>    <input type="button" onclick="location.href='register.php'" value="注册">
</form>    <?php //开始登录if(!isset($_POST['submit'])){exit('非法访问!');}$user_email = htmlspecialchars($_POST['user_email']);$user_pass = htmlspecialchars($_POST['user_pass']);//包含数据库连接文件include('conn.php');//检测用户名及密码是否正确$check_query = mysql_query("select user_id,user_nickname from users where user_email='$user_email' and user_pass='$user_pass' limit 1");if($result = mysql_fetch_array($check_query)){    //登录成功    @ session_start();    $_SESSION['user_id'] = $result['user_id'];    $_SESSION['user_email'] = $user_email;    echo $result['user_nickname'].'，欢迎你！---<a href="my.php">用户中心   ';    echo '<a href="index.php?action=logout">注销</a><br>';    exit;}     //登陆失败else {exit('登录失败！点击此处 <a href="javascript:history.back(-1);">返回</a> 重试');}    //注销登录    if ( $_GET['action'] == "logout" && isset($_SESSION['user_id']) ){    echo '注销成功！点击此处 <a href="login.html">登录</a>';    unset($_SESSION['user_id']);    unset($_SESSION['user_email']);    exit;}?></code>