Join two tables with where clause
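I have two tables, user and news_table. I want to prevent users of type 1 from editing and deleting news posted by users of type 9. With my code as it is now, a user of type 1 can edit and delete news posted by users of type 9. I need a new query to fix it.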
user:
    id int primary key auto_increment,
    username varchar(255),
    password varchar(255),
    type int
news_table:
    id int primary key auto_increment,
    title varchar(255),
    news text,
    author varchar(50),
    time date,
    authorid int,
    image varchar(255) NULL
if(isset($_POST['editsubmit'])){
    $oldtitle=htmlentities($_POST['oldtitle']);
    $newtitle=htmlentities($_POST['newtitle']);
    $newtext=htmlentities($_POST['newtext']);
    $oldtitle=mysqli_real_escape_string($conn,$oldtitle);
    $newtitle=mysqli_real_escape_string($conn,$newtitle);
    $newtext=mysqli_real_escape_string($conn,$newtext);
    if($oldtitle){
        if($newtitle){
            if($newtext){
                $query=mysqli_query($conn,"SELECT*FROM news_table JOIN user ON news_table.authorid=user.id WHERE title='$oldtitle' AND user.type!=9 OR news_table.image IS null");
                $numrows=mysqli_num_rows($query);
                if($numrows==1){
                    mysqli_query($conn,"UPDATE news_table set title='$newtitle',news='$newtext' WHERE title='$oldtitle'");
                    $query=mysqli_query($conn,"SELECT*FROM news_table WHERE title='$newtitle'");
                    $numrows=mysqli_num_rows($query);
                    if($numrows==1){
                        $errormsg2="News edited";
                    }else
                        $errormsg2="An error occurred.News not edited";
                }else
                    $errormsg2="That news do not exist";
            }else
                $errormsg2="Please enter new text";
        }else
            $errormsg2="Please enter new title";
    }else
        $errormsg2="Please enter old news title";
}
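I commented your code. It looks like you are allowing any user whose user.type is not equal to 9 to perform the edit; maybe you should change it to = 9, so that only user.type 9 can make modifications.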
if(isset($_POST['editsubmit'])){
    // Post Variables
    $oldtitle=htmlentities($_POST['oldtitle']);
    $newtitle=htmlentities($_POST['newtitle']);
    $newtext=htmlentities($_POST['newtext']);
    $oldtitle=mysqli_real_escape_string($conn,$oldtitle);
    $newtitle=mysqli_real_escape_string($conn,$newtitle);
    $newtext=mysqli_real_escape_string($conn,$newtext);
    // If there is an oldtitle
    if($oldtitle){
        // If there is a newtitle
        if($newtitle){
            // If there is newtext
            if($newtext){
                // Perform this query, JOIN and WHERE has user.type EQUALS 9
                $query=mysqli_query($conn,"SELECT*FROM news_table JOIN user ON news_table.authorid=user.id WHERE title='$oldtitle' AND user.type = 9 OR news_table.image IS null");
                // Get the Data
                $numrows=mysqli_num_rows($query);
                // If we actually received a row with the matching criteria
                if($numrows==1){
                    // Perform the update
                    mysqli_query($conn,"UPDATE news_table set title='$newtitle',news='$newtext' WHERE title='$oldtitle'");
                    // New query to refresh the data from the edit
                    $query=mysqli_query($conn,"SELECT*FROM news_table WHERE title='$newtitle'");
                    $numrows=mysqli_num_rows($query);
                    // Verify the edit was completed
                    if($numrows==1){
                        $errormsg2="News edited";
                    }else
                        $errormsg2="An error occurred.News not edited";
                }else
                    $errormsg2="That news do not exist";
            }else
                $errormsg2="Please enter new text";
        }else
            $errormsg2="Please enter new title";
    }else
        $errormsg2="Please enter old news title";
}
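
An added example, not part of the question or the answer above: it shows why the `OR news_table.image IS NULL` branch of the page's WHERE clause matches a type 9 author's row, and one way to enforce the rule inside the UPDATE itself with bound parameters. Assumptions: in-memory SQLite via PDO stands in for the page's MySQL database, rows are addressed by id rather than by title, and `updateNews()` and the sample rows are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the page's MySQL database.
// Sample rows and the name updateNews() are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, type INT)");
$db->exec("CREATE TABLE news_table (id INTEGER PRIMARY KEY, title TEXT,
           news TEXT, authorid INT, image TEXT NULL)");
$db->exec("INSERT INTO user VALUES (1, 'editor', 1), (2, 'chief', 9)");
$db->exec("INSERT INTO news_table VALUES
           (1, 'By editor', 'a', 1, 'a.png'), (2, 'By chief', 'b', 2, NULL)");

// 1) The WHERE clause from the page. AND binds tighter than OR, so it reads
//    (title = ? AND user.type != 9) OR (news_table.image IS NULL).
$loose = $db->prepare("SELECT news_table.id FROM news_table
    JOIN user ON news_table.authorid = user.id
    WHERE title = ? AND user.type != 9 OR news_table.image IS NULL");
$loose->execute(['By chief']);
// The type 9 author's row matches through the OR branch alone.
echo "matched ids: ", implode(',', $loose->fetchAll(PDO::FETCH_COLUMN)), "\n";

// 2) The rule enforced inside the UPDATE: a type 1 editor cannot change a
//    row whose author has type 9. $editorType must come from the server-side
//    session of the logged-in user, never from the submitted form.
function updateNews(PDO $db, int $editorType, int $newsId,
                    string $title, string $text): bool
{
    $stmt = $db->prepare("UPDATE news_table SET title = :title, news = :news
        WHERE id = :id
          AND NOT (:etype = 1
                   AND authorid IN (SELECT id FROM user WHERE type = 9))");
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':news', $text, PDO::PARAM_STR);
    $stmt->bindValue(':id', $newsId, PDO::PARAM_INT);
    $stmt->bindValue(':etype', $editorType, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1; // false: no such row, or edit not allowed
}

// type 1 editing the type 9 author's row, then its own author's row,
// then a type 9 editor editing the type 9 author's row
var_dump(updateNews($db, 1, 2, 'Edited title', 'Edited text'));
var_dump(updateNews($db, 1, 1, 'Edited title', 'Edited text'));
var_dump(updateNews($db, 9, 2, 'Edited title', 'Edited text'));
```

With the MySQL PDO driver, `rowCount()` counts only rows whose values actually changed unless `PDO::MYSQL_ATTR_FOUND_ROWS` is set, so resubmitting identical text returns false there.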