开发者

php mysql if id in field

My database

comments

ID   mID   aID   attachID
1     1     6       1       
2     2     6       1
3     3   开发者_运维问答  6       1
4     8     6       2
5     4     6       2

So i'd like to allow access to user with mID to access attachID.

If they are viewing attachID 1, so users with mID of 1 or 2 or 3 can view. rest mID cannot.

EDIT : for attachID 1, users with mID 1 can see which other mID user can view too.

What would be the best approach to accomplish this?


function authorize($m_id, $a_id) {
   $query = <<<SQL
      SELECT
         TRUE
      FROM
         db.Table
      WHERE
         m_id = $m_id
         AND a_id = $_aid
SQL;
   return mysql_num_rows(mysql_query($query));
}

This function will return TRUE if m_id is authorized for a_id, false otherwise. Then on your php page you have something like:

if (!authorize($m_id, $a_id)) {
   header('Location: /not_authorized.php');
}
// Show normal apge for authorized user


If returns 0, user isn't authorized to view:

select count(1) from comments where mID = '$mID' and attachID = '$attachID'

Get all mIDs for a given attachID which can then be displayed to the user viewing the given attachID:

select mID from comments where attachID = '$attachID'
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜