gpt4 book ai didi

php - MySQL Select 查询选取错误记录

转载 作者:行者123 更新时间:2023-11-29 16:26:13 28 4
gpt4 key购买 nike

所以我最近在我的网站上创建了一个部分,用于显示从 MySQL 数据库填充的表。由于用户登录,有些记录我不希望其他用户看到,但有些用户我确实想看到。所以我建立了一个安全级别系统。到目前为止一切正常。在这一页中,我运行 if 语句来查看用户是否具有 4 的安全级别,如果是,我会根据他们的姓名运行 SELECT * 查询。所以查询是

SELECT * WHERE `assignedTo` = '$username'

理论上这是有效的,它不会给我任何错误,而且我打开了错误报告。这是我已经设置的错误代码;

//Error Reporting
ini_set('display_startup_errors', 1);
ini_set('display_errors', 1);
error_reporting(-1);

但是,我在数据库中有一条用于测试目的的记录,并且 assignedTo 字段现在包含“Example1”,当我以“Example2”身份登录时,我仍然可以看到分配给“Example1”的这条记录。我运行了 var_dump(),它显示了以下内容;

object(PDOStatement)#3 (1) {
["queryString"]=>
string(68) "SELECT * FROM `customerLeads` WHERE `assignedTo` = 'Example2' "
}

所以查询是正确的,这就是它应该如何运行,但它不应该显示记录,因为 assignedTo 等于“Example1”而不是“Example2”。

这是我的该网页的代码;

<?php  
//Session Start
session_start();

//Error Reporting
ini_set('display_startup_errors', 1);
ini_set('display_errors', 1);
error_reporting(-1);


require 'includes/conn.php';
$user_id = $_SESSION['user_id'];
$user_security = $_SESSION['user_security'];

if(!isset($_SESSION['user_id']) || !isset($_SESSION['logged_in'])){
//User not logged in. Redirect them back to the login.php page.
?>
<script type="text/javascript">
alert("You must be logged in!");
window.location.href = "login.php";
</script>
<?php
}

$user_name = $_SESSION['user_name'];

if ($user_security == 4) {
$customerList = $salesConn->query("SELECT * FROM `customerLeads` WHERE `assignedTo` = '$user_name' ");
}

if ($user_security == 0 OR 1) {
$customerList = $salesConn->query("SELECT * FROM customerLeads");
}
var_dump($customerList);
?>

然后这是我显示数据的表格;

  <table>
<thead>
<tr>
<th scope="col">Full Name</th>
<th scope="col">Telephone</th>
<th scope="col">Vehicle of Interest</th>
<th scope="col">Budget</th>
<th scope="col">P/X Vehicle</th>
<th scope="col">P/X Reg</th>
<th scope="col">P/X Finance</th>
<th scope="col">P/X Settlement</th>
<th scope="col">Salesman</th>
<th scope="col">Status</th>
</tr>
</thead>
<tbody>
<?php
while ($cRow = $customerList->fetch()) {
$firstName = $cRow['customerFirstName'];
$lastName = $cRow['customerLastName'];
$tele = $cRow['customerTel'];
$mob = $cRow['customerMob'];
$mail = $cRow['customerEmail'];
$add1 = $cRow['customerAdd1'];
$add2 = $cRow['customerAdd2'];
$add3 = $cRow['customerAdd3'];
$add4 = $cRow['customerAdd4'];
$vehInterest = $cRow['customerVeh'];
$vehChange = $cRow['customerChangeDate'];
$vehDrive = $cRow['customerDriveDate'];
$vehFinance = $cRow['customerFinance'];
$vehBudget = $cRow['customerBudget'];
$pxVeh = $cRow['customerPXVeh'];
$pxReg = $cRow['customerPXReg'];
$pxMile = $cRow['customerPXMileage'];
$pxColour = $cRow['customerPXColour'];
$pxEngine = $cRow['customerPXEngine'];
$pxTrans = $cRow['customerPXTrans'];
$pxFuel = $cRow['customerPXFuel'];
$pxPrice = $cRow['customerPXPrice'];
$pxFinance = $cRow['customerPXFinance'];
$pxSettle = $cRow['customerPXFinance'];
$salesman = $cRow['customerSalesman'];
$notes = $cRow['customerNotes'];
$status = $cRow['customerStatus'];
?>
<tr>
<td data-label="Ful Name"><?php echo $firstName." ".$lastName; ?></td>
<td data-label="Telephone"><?php echo $tele; ?></td>
<td data-label="Vehicle of Interest"><?php echo $vehInterest; ?></td>
<td data-label="Budget"><?php echo $vehBudget; ?></td>
<td data-label="P/X Vehicle"><?php echo $pxVeh; ?></td>
<td data-label="P/X Reg"><?php echo $pxReg; ?></td>
<td data-label="P/X Finance"><?php echo $pxFinance; ?></td>
<td data-label="P/X Settlement"><?php echo $pxSettle ?></td>
<td data-label="Salesman"><?php echo $salesman; ?></td>
<td data-label="Status"><?php echo $status; ?></td>
</tr>
<?php
}
?>
</tbody>

最佳答案

此条件始终为真:

if ($user_security == 0 OR 1)

因为 1 始终是一个“真实”值。不要根据如何大声说出 bool 表达式来考虑 bool 表达式,而应始终根据各个不同的表达式来考虑它们。在这种情况下,您有两个表达式:$user_security == 0,根据变量的不同,它是有条件的 true 或 false;和 1,这始终为真。

您可能想要这个:

if ($user_security == 0 OR $user_security == 1)

关于php - MySQL Select 查询选取错误记录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54216883/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com