-1
由于我是新来的PHP,我发现这个极其复杂的解决。我有这个查询显示用户不应该这样做的结果。多表查询加入
的问题是销售代理能够看到他没有被授权的用户看到的投诉。这涉及用于客户的账户表。
$priv = "dire problem" ,
$naone = "not serious" ,
$priv2 = "mild prblem"
are sorting conditions.
$aid is the agent viewing this page.
Complaints is for complaints by the customers.
Accounts table holds all the customer information.
Agents table is for all the sales/customer reps.
代码:
$sql = "SELECT complaints.complaint_id, accounts.full_name,
agents.agent_name, complaints.person_id, complaints.why_complaint,
complaints.just_date, complaints.type, complaints.date_time_added FROM
complaints LEFT JOIN accounts ON complaints.person_id = accounts.person_id
LEFT JOIN agents on complaints.agent_whois = agents.agent_id WHERE
(complaint_type = '$priv' OR complaint_type = '$naone' OR complaint_type = '$priv2') and
(complaints.added_by <> '$aid')";
$result=mysql_query($sql);
$query = mysql_query($sql) or die ("Error: ".mysql_error());
if ($result == "")
{
echo "";
}
echo "";
$rows = mysql_num_rows($result);
if($rows == 0)
{
print("");
}
elseif($rows > 0)
{
while($row = mysql_fetch_array($query))
{
$complaintid = $row['complaint_id'];
$agentwho = $row['person_id'];
$agentname = $row['agent_name'];
$reason = $row['why_complaint'];
$datetimeadded = $row['just_date'];
$docname = $row['full_name'];
$type = $row['type'];
print("");
}
}
你想解决什么问题? – str
我与这个问题ediiting它 – AAA
困惑,你试图限制视图只显示那些已被分配给该代理,或者是你想将其限制在经许可的一级代理商? – espradley