Php MySQL查询-如何防止普通用户看到员工帖子？_Php_Mysql_Codeigniter

Php MySQL查询-如何防止普通用户看到员工帖子？

php mysql codeigniter

Php MySQL查询-如何防止普通用户看到员工帖子？,php,mysql,codeigniter,Php,Mysql,Codeigniter,在我的论坛上，我遇到了一个问题，非工作人员可以查看普通用户隐藏的与工作人员相关的帖子。经过调查，我发现与员工相关的话题不会出现，而个别帖子会出现在mycontroller/profile.php中，对于posts（），它显示： $user_posts = $this->db->query("SELECT topics.topic_id as tp_id, forums.staff,

在我的论坛上，我遇到了一个问题，非工作人员可以查看普通用户隐藏的与工作人员相关的帖子。经过调查，我发现与员工相关的话题不会出现，而个别帖子会出现

在my

controller/profile.php

中，对于posts（），它显示：

$user_posts = $this->db->query("SELECT topics.topic_id as tp_id,
                                forums.staff,
                                topics.topic_title,
                                tp_new.post_id as ps_id,
                                tp_new.topic_post_id as tps_id,
                                tp_new.topic_id,
                                tp_new.author_id,
                                tp_new.post_time,
                                topic_post_text.text as post_body
                        FROM (SELECT post_id FROM topic_posts WHERE topic_posts.author_id = ".$user_id." ORDER BY post_id DESC LIMIT ".$this->uri->segment(4, 0).", ".$config['per_page'].") tp_old
                        JOIN topic_posts tp_new ON tp_new.post_id = tp_old.post_id
                        JOIN `topic_post_text` ON `topic_post_text`.`post_id` = `tp_new`.`post_id`
                        JOIN `topics` ON `tp_new`.`topic_id` = `topics`.`topic_id`
                        JOIN `forums` ON `forums`.`forum_id` = `topics`.`forum_id`
                        ORDER BY tp_new.post_id DESC")->result_array();

    $user_topics = $this->db->select('*')
                            ->from('topics')
                            ->where('topics.topic_author', $user_id)
                            ->where('forums.staff', 0)
                            ->join('forums', 'forums.forum_id = topics.forum_id')
                            ->order_by('topics.topic_id', 'desc')
                            ->limit($config['per_page'], $this->uri->segment(4, 0))
                            ->get()
                            ->result_array();

对于主题（），它显示：

$user_posts = $this->db->query("SELECT topics.topic_id as tp_id,
                                forums.staff,
                                topics.topic_title,
                                tp_new.post_id as ps_id,
                                tp_new.topic_post_id as tps_id,
                                tp_new.topic_id,
                                tp_new.author_id,
                                tp_new.post_time,
                                topic_post_text.text as post_body
                        FROM (SELECT post_id FROM topic_posts WHERE topic_posts.author_id = ".$user_id." ORDER BY post_id DESC LIMIT ".$this->uri->segment(4, 0).", ".$config['per_page'].") tp_old
                        JOIN topic_posts tp_new ON tp_new.post_id = tp_old.post_id
                        JOIN `topic_post_text` ON `topic_post_text`.`post_id` = `tp_new`.`post_id`
                        JOIN `topics` ON `tp_new`.`topic_id` = `topics`.`topic_id`
                        JOIN `forums` ON `forums`.`forum_id` = `topics`.`forum_id`
                        ORDER BY tp_new.post_id DESC")->result_array();

    $user_topics = $this->db->select('*')
                            ->from('topics')
                            ->where('topics.topic_author', $user_id)
                            ->where('forums.staff', 0)
                            ->join('forums', 'forums.forum_id = topics.forum_id')
                            ->order_by('topics.topic_id', 'desc')
                            ->limit($config['per_page'], $this->uri->segment(4, 0))
                            ->get()
                            ->result_array();

如何将我的帖子显示更改为不显示员工帖子？

很抱歉没有提供答案，但代码看起来很复杂。至少，我尝试了URL，所有的SQL代码都被泄露了。确保没有错误的人在看它；）您的级别在哪里可以区分员工用户和普通用户？@RowanFreeman如何让它看到替代方案x@Bender我认为0=员工？