如何从$ _SESSION和MySQL用户ID验证用户ID
[英]How to validate user ID from $_SESSION and MySQL user ID
问题描述
I have a problem with MySQL query and condition. 
我对MySQL查询和条件有疑问。 The main problem is user with another ID can see / edit the same leads even though his id != owner. 主要问题是具有其他ID的用户即使其ID!=所有者也可以查看/编辑相同的销售线索。
I tried to change the vars and add '' or "", but none of these help. 我尝试更改var并添加“或”,但这些帮助均无效。
$myuser_query = mysqli_query($conn,"SELECT * FROM users WHERE id = '".$_SESSION["id"]."'");
$myuser = mysqli_fetch_assoc($myuser_query);
$myleads = "SELECT * FROM leads WHERE owner = '".$myuser["id"]."' AND status = 1 OR status = 2 ORDER BY RAND() LIMIT 1";
$newleads = $conn->query($myleads);
if ($newleads->num_rows >= 1) {
(Here it's all the client side that's showing the date.) (这是所有显示日期的客户端。)
1 个解决方案
解决方案1
1 2019-05-14 14:04:56
You need to add parenthesis around the OR conditions in your query. 您需要在查询中的OR条件周围添加括号。 Change this: 更改此:
$myleads = "SELECT * FROM leads
WHERE owner = '".$myuser["id"]."' AND status = 1 OR status = 2
ORDER BY RAND() LIMIT 1";
To: 至:
$myleads = "SELECT * FROM leads
WHERE owner = '".$myuser["id"]."' AND (status = 1 OR status = 2)
ORDER BY RAND() LIMIT 1";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
如何在PHP和MySql中保存和管理会话ID和用户ID - How to save and manage the Session ID and a User ID in PHP and MySql
将user_id添加到会话mysql - Adding user_id into Session mysql
如何从php会话中获取mysql user_id? - How do I get mysql user_id from php session?
会话用户ID? - Session User ID?
在会话中插入用户ID - Insert User ID in a Session
在 session 中包含用户 ID - include user ID in session
从codignitor中的另一个mysql表获取基于post_id匹配的会话user_id结果 - get session user_id result based on post_id match from another mysql table in codignitor
如何从PHP登录页面存储用户ID会话 - How to store user id session from login page in php
如何获取会话 ID? 从当前用户登录 - How can I get the session ID? from the cureent user login
如何从 javascript 中的会话中获取用户 ID? - How can I get user id from session in javascript?
相关标签