我正在尝试使登录的用户只能删除自己的帖子,但是ID为1 / admin的用户可以删除所有帖子。 我在这里做什么错了?
<?php
session_start();
?>
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>Untitled Document</title>
</head>
<body>
<?php
$postitid = filter_input(INPUT_POST, 'pid', FILTER_VALIDATE_INT)
or die ('Missing or illegal id parameter');
$userid = $_SESSION['users_id'];
require_once('dbcon.php');
$mysqlstring = 'DELETE FROM postit WHERE id=? AND users_id=? OR
users_id=1';
$stmt = $link->prepare($mysqlstring);
$stmt ->bind_param('iii', $postitid, $userid, $userid);
$stmt -> execute();
if ($postitid == $userid ) {
echo 'Deleted '.$stmt->affected_rows.' Post-it notes';
} else {
echo 'You dont have permission to delete this.';
}
?>
</body>
</html>
答案 0 :(得分:2)
问题在这里
this.fileChooser.open().then((uri) => {
this.filePath.resolveNativePath(uri).then((finalUri) => {
this.file.resolveLocalFilesystemUrl(finalUri).then((entry) => {
let filePath = entry.nativeURL.substring(0, entry.nativeURL.lastIndexOf('/'));
if (entry.name.endsWith('.pdf')){
return this.file.readAsArrayBuffer(filePath, entry.name)
.then((data) => {
//data after reading pdf
})
.catch((error) => {
//error
});
}
})
})
})
此查询删除属于admin(users_id = 1)或已登录用户的帖子。您不希望那样,您想检查用户是否为admin,并让他删除ID为给定的帖子,如果是用户,则只有拥有者,才应删除该帖子。为此:
如果需要,请检查user_id = 1,然后进行其他查询
$mysqlstring = 'DELETE FROM postit WHERE id=? AND users_id=? OR users_id=1';
答案 1 :(得分:1)
首先使用所有mysqli字符串
IReadOnlyCollection<IWebElement> elems = Driver.FindElements(By.XPath("//div[.='Test App']")).Where(e => e.Displayed).ToList();
elems.ElementAt(0).Click();
由于表中的id是主键,因此您可以直接使用
$mysqlstring = 'DELETE FROM postit WHERE id=? AND users_id=? OR users_id=1';
或
$mysqlstring = 'DELETE FROM postit WHERE id=? ';
或
$mysqlstring = 'DELETE FROM postit WHERE id=? AND (users_id=? OR users_id=1)';