php - 我如何在创建查询时检查 mysql 数据库表字段值？

Question

if($_SESSION['usergroup']==1) { //admin
    $result = mysql_query("the select statement which is written a certain way. this part is not what question is about") or die(mysql_error());
}

else if($_SESSION['userid']==1013) { //managers
    $result = mysql_query("the select statement which is written a certain way. this part is not what question is about") or die(mysql_error());
}

else { //everyone else
    $result = mysql_query("the select statement which is written a certain way. this part is not what question is about") or die(mysql_error());
}

所以我想做的是在这里更改这一行:

else if($_SESSION['userid']==1013) {

我想检查登录用户在 user_table 中名为 manager 的字段中的值是否为 1。伪代码类似于:

else if(user_table manager field == 1) {

或

else if(if logged in user has a value of 1 in the manager field of the user_table table) {

这听起来像是可以完成的事情吗？

我想要完成的是编辑用户并让某些用户成为管理员，但我不想每次让用户成为管理员时都必须继续编辑 php 文件以继续添加这些新用户。我只希望已升级的用户能够自动访问该中间查询。

这是我不想做的...

else if($_SESSION['userid']==1013 || $_SESSION['userid']==1014 || $_SESSION['userid']==1015 || $_SESSION['userid']==1016) {

...并以这种方式继续添加和添加到这一行。

Answer 1

这听起来绝对是可以做到的。我会使用类似这样的东西，使用 PDO 来准备然后执行语句。

//Prepare the SQL query, using the :user_id parameter which you'll supply in the next statement
$stmt = $con->prepare('SELECT manager FROM user_table WHERE userid = :user_id');
//Execute the SQL, supplying the parameter
$stmt->execute(array(':user_id' => $_SESSION['userid'])'
//Retrieve the value
$manager_role = $stmt->fetchColumn();

或者，您可以在不使用 PDO 的情况下通过在运行 SQL 查询之前准备好 SQL 查询来完成同样的事情。

$sql_query = 'SELECT manager FROM user_table WHERE userid = ' . $_SESSION['userid'];
$manager_role =  = mysql_query($sql_query);
....
//Your original code
if($_SESSION['usergroup']==1) { //admin
$result = mysql_query("the select statement which is written a certain way. this part is not what question is about") or die(mysql_error());
}

else if($manager_role == 1) { //managers
    $result = mysql_query("the select statement which is written a certain way. this part is not what question is about") or die(mysql_error());
}

else { //everyone else
    $result = mysql_query("the select statement which is written a certain way. this part is not what question is about") or die(mysql_error());
}

....