如何从$ _SESSION和MySQL用户ID验证用户ID

时间:2019-05-14 14:00:16

标签: php mysql

我对MySQL查询和条件有疑问。主要问题是具有其他ID的用户即使拥有ID!=所有者也可以看到/编辑相同的销售线索。

我试图更改var并添加“或”,但这些帮助都不起作用。

$myuser_query = mysqli_query($conn,"SELECT * FROM users WHERE id = '".$_SESSION["id"]."'");
$myuser = mysqli_fetch_assoc($myuser_query);

$myleads = "SELECT * FROM leads WHERE owner = '".$myuser["id"]."' AND status = 1 OR status = 2 ORDER BY RAND() LIMIT 1";
$newleads = $conn->query($myleads);
 if ($newleads->num_rows >= 1) {

(这里是所有显示日期的客户端。)

1 个答案:

答案 0 :(得分:1)

您需要在查询中的OR条件周围添加括号。更改此:

$myleads = "SELECT * FROM leads 
           WHERE owner = '".$myuser["id"]."' AND status = 1 OR status = 2 
           ORDER BY RAND() LIMIT 1";

收件人:

$myleads = "SELECT * FROM leads 
           WHERE owner = '".$myuser["id"]."' AND (status = 1 OR status = 2)
           ORDER BY RAND() LIMIT 1";
相关问题
最新问题