如何在创建查询时检查mysql数据库表字段值?

时间:2014-01-02 16:22:21

标签: php mysql sql database 

if($_SESSION['usergroup']==1) { //admin
    $result = mysql_query("the select statement which is written a certain way. this part is not what question is about") or die(mysql_error());
}

else if($_SESSION['userid']==1013) { //managers
    $result = mysql_query("the select statement which is written a certain way. this part is not what question is about") or die(mysql_error());
}

else { //everyone else
    $result = mysql_query("the select statement which is written a certain way. this part is not what question is about") or die(mysql_error());
}

所以我想做的就是在这里改变这一行:

else if($_SESSION['userid']==1013) {

我想检查登录用户在名为manager的字段中user_table中的值是否为1。伪代码类似于:

else if(user_table manager field == 1) {


else if(if logged in user has a value of 1 in the manager field of the user_table table) {

这听起来像是可以做到的事情吗?

我想要完成的是编辑用户并使某些用户管理员,但我不想继续编辑php文件,以便每当我让用户成为管理员时继续添加这些新用户。我只是希望已升级的用户能够自动访问该中间查询。

这是我不想做的...... 

else if($_SESSION['userid']==1013 || $_SESSION['userid']==1014 || $_SESSION['userid']==1015 || $_SESSION['userid']==1016) {

...并继续以这种方式添加和添加到此行。

1 个答案:

答案 0 :(得分:1)

这绝对听起来像是可以完成的事情。我会使用类似的东西,使用PDO准备然后执行语句。

//Prepare the SQL query, using the :user_id parameter which you'll supply in the next statement
$stmt = $con->prepare('SELECT manager FROM user_table WHERE userid = :user_id');
//Execute the SQL, supplying the parameter
$stmt->execute(array(':user_id' => $_SESSION['userid'])'
//Retrieve the value
$manager_role = $stmt->fetchColumn();

或者,您可以在运行之前通过准备SQL查询而不使用PDO来执行相同的操作。 

$sql_query = 'SELECT manager FROM user_table WHERE userid = ' . $_SESSION['userid'];
$manager_role =  = mysql_query($sql_query);
....
//Your original code
if($_SESSION['usergroup']==1) { //admin
$result = mysql_query("the select statement which is written a certain way. this part is not what question is about") or die(mysql_error());
}

else if($manager_role == 1) { //managers
    $result = mysql_query("the select statement which is written a certain way. this part is not what question is about") or die(mysql_error());
}

else { //everyone else
    $result = mysql_query("the select statement which is written a certain way. this part is not what question is about") or die(mysql_error());
}

....
相关问题
最新问题