-1

这是我的php代码。我想知道是否可以创建一个 if 语句,因此它只能由用户级别为 1 的用户查看。我尝试了一个 if 语句,但我得到一个 Unexpected T_STRING 我的数据库有这个http://prntscr.com /glmqi cat_mod 用于 if 语句,因为它是主持人主题。

<?php





$sql = "SELECT
        cat_id,
        cat_name,
        cat_description
    FROM
        categories
    WHERE
        cat_id = " . mysql_real_escape_string($_GET['id']);

$result = mysql_query($sql);

if(!$result)
{
echo 'The category could not be displayed, please try again later.' .   mysql_error();
}
else
{
if(mysql_num_rows($result) == 0)
{
    echo 'This category does not exist.';
}
else
{
    //display category data
    while($row = mysql_fetch_assoc($result))
    {
        echo '

<h3>You are currently in this section: <u>' . $row['cat_name'] . '<u/></h3>
</div>
  <div class="container_oro2" style="overflow: hidden;">
  Users currently viewing this section:
  </div><div class="header">
    <h3 class="header_title">Topics in this section</h3>
    <div class="header_topics">Hits</div>
    <div class="header_replies">Replies</div>
    <div class="header_action">Last Action</div>
</div><table class="container">';
    }

    //do a query for the topics
    $sql = "SELECT  
                topics.topic_id,
                topics.topic_subject,
                topics.topic_date,
                topics.topic_cat,
                topics.topic_by,
                topics.view,
                topics.reply,
                users.user_id,
                users.user_name
            FROM
                topics

            LEFT JOIN
                    users
                ON
                    topics.topic_by = users.user_id             
            WHERE
                topic_cat = " . mysql_real_escape_string($_GET['id']);

    $result = mysql_query($sql);

    if(!$result)
    {
        echo 'The topics could not be displayed, please try again later.';
    }
    else
    {
        if(mysql_num_rows($result) == 0)
        {
            echo 'There are no topics in this section yet.';
        }
        else
        {
            //prepare the table



            while($row = mysql_fetch_assoc($result))
            {               
                echo '




                <tr class="altcolor_2">';

            echo '<td class="title">';
            echo '  <table>';
                    echo '<tr>';
                        echo '<td class="title_icon_small">
                            <img src="http://www.naruto-boards.com/images/forum/topic_old.gif" alt="" />                            </td>
                        <td class="title_icon_small">
                            <img src="http://www.naruto-boards.com/images/forum/topic_sticky.gif" alt="" />                             </td>
                        <td class="title_title">';
                            echo '<h4 class="inline"><a href="/index.php?area=topic&id=' . $row['topic_id'] . '">' . $row['topic_subject'] . '</a>   ';                                          echo '<img class="pages" src="http://naruto-boards.com/images/forum/topic_paging.gif"  alt="" /> </h4> ';
                            echo'<span>Started on ';  echo date(" F j, Y, g:i A", strtotime($row['topic_date'])); echo' by <a  href="/profile/kross/" class="profilelink"></a></span>';
                        echo '</td>';
                    echo '</tr>';
                echo '</table>';

            echo '</td>';
            echo '<td class="info1">' . $row['view'] . '</td>';
            echo '<td class="info1">' . $row['reply'] . '</td>';
            echo '<td class="info2">
                <div>';
                    echo'Date: ';echo date(" F j, Y, g:i A", strtotime($row['topic_date']));echo'<br />';
                    echo 'By: <a href="/profile/igi33/"  class="profilelink"></a>';

                echo '</div>';
            echo '</td>';
        echo '</tr>';
        echo '<tr class="spacer"><td colspan="4"></td></tr>


';








            }
        }
    }
}
}


?>
4

2 回答 2

0

尝试在,if的末尾添加一个$sql$result = ....

if ($user_level != 1) { $sql .=  " AND `cat_mod` = 0";}
于 2012-10-01T21:43:26.733 回答
0

您需要进行数据库调用以获取cat_mod并将其与您的用户级别进行比较(最好您将在脚本的一开始就拥有您的用户级别。)并将这两个值相互比较。与此类似的东西。

<?php
$sql = "select name, level 
        FROM users 
        WHERE id = $userId 
        AND name = $userName"; // You have to be storing a cookie or something so that we know the user is logged in and is who they say they are.
$result = mysql_query($sql);
$user = mysql_fetch_assoc($result);
?>

您现在可以有条件地附加到您的 SQL 语句,检查是否允许用户查看 mod 类别。

$sql = "SELECT
    cat_id,
    cat_name,
    cat_description
FROM
    categories
WHERE
    cat_id = " . mysql_real_escape_string($_GET['id']);

if ($user["level"] == 0) {
    $sql .= " AND cat_mod = 0";
}

请注意,我列出的两个 SQL 调用实际上都不是安全的。

于 2012-10-01T21:47:27.330 回答