I have the following tables defined in my database:
moderator (id, name)
parent_object (id, moderator_id, parent_name)
child_object (id, parent_id, child_name, quantity)
I want to update a child object by ID. I currently have something like this that works:
update child_object set child_name = "Fred", quantity=5 where id = 3;
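However, there is a security hole, because this allows any moderator to update any child object they don't own. If the moderator_id is 2, how can I update this table so that the row is only updated when the parent_object's moderator_id is 2?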
Answer 0 (score: 1)
In a MySQL update, you can do a join.
update
child_object c
join parent_object p on p.id = c.parent_id
set
c.child_name = "Fred",
c.quantity = 5 -- Seriously, this better not be a string.
where
c.id = 3 and p.moderator_id = 2
Answer 1 (score: 0)
update child_object set child_name = "Fred", quantity="5"
where id = 3 AND parent_id IN (Select id from parent_object where moderator_id = 2)
This should work, but using "IN" is too expensive. Alternatively, you first write a test query to verify whether the update is allowed.
Select parent_id, moderator_id FROM child_object c
Left Join parent_object p on p.id = c.parent_id
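The ownership-scoped update from the answers above, as an added example that is not part of the original question or answers: the check and the write happen in one parameterized statement, and the affected-row count tells the application whether the moderator was allowed to make the change. Assumptions: an in-memory SQLite database stands in for MySQL (so the portable `EXISTS` form is used instead of `UPDATE ... JOIN`), the function names `make_db`, `update_child` and `get_child` are hypothetical, and the sample rows are constructed.

```python
import sqlite3

SCHEMA = """
CREATE TABLE moderator (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE parent_object (id INTEGER PRIMARY KEY, moderator_id INTEGER, parent_name TEXT);
CREATE TABLE child_object (id INTEGER PRIMARY KEY, parent_id INTEGER, child_name TEXT, quantity INTEGER);
-- Constructed sample rows: child 3 hangs off parent 10, which moderator 2 owns.
INSERT INTO moderator VALUES (1, 'alice'), (2, 'bob');
INSERT INTO parent_object VALUES (10, 2, 'parent of bob'), (11, 1, 'parent of alice');
INSERT INTO child_object VALUES (3, 10, 'Old', 1), (4, 11, 'Other', 7);
"""

def make_db():
    """Build the page's three tables in memory (SQLite stand-in for MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def update_child(conn, moderator_id, child_id, child_name, quantity):
    """Update a child row only if its parent belongs to moderator_id.

    moderator_id must come from the authenticated session, never from the
    request. Returns True if a row was updated, False if the child does not
    exist or belongs to another moderator; the caller cannot tell these two
    cases apart, so the response does not reveal which ids exist.
    """
    cur = conn.execute(
        """
        UPDATE child_object
           SET child_name = ?, quantity = ?
         WHERE id = ?
           AND EXISTS (SELECT 1 FROM parent_object p
                        WHERE p.id = child_object.parent_id
                          AND p.moderator_id = ?)
        """,
        # Bound parameters: no string concatenation, quantity forced to int.
        (child_name, int(quantity), child_id, moderator_id),
    )
    conn.commit()
    return cur.rowcount == 1

def get_child(conn, child_id):
    """Return (child_name, quantity) for a child row, or None."""
    return conn.execute(
        "SELECT child_name, quantity FROM child_object WHERE id = ?", (child_id,)
    ).fetchone()
```

On MySQL the affected-row count by default reports rows actually changed, so an authorized update that sets the same values already stored also returns 0 unless the connection uses the `CLIENT_FOUND_ROWS` flag.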