I am running this query to fetch a post if the member has access to it. Is it secure enough to just check if($row)?
$sql = "SELECT f_title
        FROM fields
        INNER JOIN members
            ON m_group_id = f_group_id
            AND m_u_id = " . mysqli_real_escape_string($db_link, $_SESSION['u_id']) . "
            AND m_status > 0
        WHERE f_id = " . mysqli_real_escape_string($db_link, $_POST['id']) . "
        LIMIT 1";
$result = mysqli_query($db_link, $sql) or die(mysqli_error($db_link));
$row = mysqli_fetch_assoc($result);
if ($row)
{
    echo 'Permission granted!';
}
else
{
    echo 'Permission NOT granted!';
}
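
An added example (not part of the original post): `mysqli_real_escape_string` only protects values placed inside quoted string literals, and the query above interpolates both values unquoted, so this version binds them as integers and fails closed before relying on the row check. It assumes PHP 8 and swaps mysqli for PDO with an in-memory SQLite database so it runs without a server; the function name `fetchPostTitleIfPermitted` and the sample rows and inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Returns the post title if the user is an active member of the post's group.
// Fails closed: malformed input and "no matching row" both yield null.
function fetchPostTitleIfPermitted(PDO $db, mixed $userId, mixed $postId): ?string
{
    $opts = ['options' => ['min_range' => 1]];
    $userId = filter_var($userId, FILTER_VALIDATE_INT, $opts);
    $postId = filter_var($postId, FILTER_VALIDATE_INT, $opts);
    if ($userId === false || $postId === false) {
        return null; // not a positive integer: the value never reaches the SQL
    }
    $stmt = $db->prepare(
        'SELECT f_title FROM fields
         INNER JOIN members ON m_group_id = f_group_id
            AND m_u_id = :uid AND m_status > 0
         WHERE f_id = :fid LIMIT 1'
    );
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':fid', $postId, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn(); // false when no row matched
    return is_string($title) ? $title : null;
}

// Constructed sample data: user 7 is active in group 1 and inactive in group 2.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // throw instead of die(mysqli_error())
$db->exec('CREATE TABLE fields (f_id INTEGER, f_group_id INTEGER, f_title TEXT)');
$db->exec('CREATE TABLE members (m_u_id INTEGER, m_group_id INTEGER, m_status INTEGER)');
$db->exec("INSERT INTO fields VALUES (10, 1, 'Group 1 post'), (20, 2, 'Group 2 post')");
$db->exec('INSERT INTO members VALUES (7, 1, 1), (7, 2, 0)');

// Constructed stand-ins for $_SESSION['u_id'] and $_POST['id'].
$cases = [
    [7, '10'],          // active member of the post's group
    [7, '20'],          // member with m_status = 0
    [7, '99'],          // post does not exist
    [7, '10 OR 1=1'],   // non-integer input, rejected before the query
    [null, '10'],       // no logged-in user in the session
];
foreach ($cases as [$sessionUserId, $postedId]) {
    $title = fetchPostTitleIfPermitted($db, $sessionUserId, $postedId);
    printf("%s => %s\n", json_encode([$sessionUserId, $postedId]),
        $title === null ? 'Permission NOT granted!' : 'Permission granted!');
}
```

With mysqli the same pattern is `mysqli_prepare()` followed by `mysqli_stmt_bind_param($stmt, 'ii', $userId, $postId)`.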