Deleting forum posts
I have a table with the following fields: wall_posts, group_id, id, and user_id.
Wall_posts is user entries, group_id is imported from another table and is just a unique group id, id is just a simple counter, and user_id gets the user id from the session.
My code gets rid of all the wall_posts if you press the delete button by comparing the user id to the user in session. I'm trying to find a way to delete individual posts and not all the posts by the user.
Here is the code:
    if (isset($_POST['delete'])) {
        $current_user = $_SESSION['user_id'];
        $result = mysql_query("SELECT * FROM group_posts");
        while ($user_id = mysql_fetch_array($result)) {
            $id = $user_id['user_id'];
        }
        if ($current_user == $id) {
            mysql_query("DELETE FROM group_posts WHERE $current_user = $id") or die(mysql_error());
        }
    }
How can I bind the delete button to individual posts instead of deleting all the posts made by the user currently in session?
Your SQL query above doesn't make sense - the WHERE statement should be in the form WHERE column_name = value.
Assuming id is the primary key for group_posts, as you're displaying posts, create a link for each post created by the author, e.g. <a href="delete.php?delete=3">Delete This Post</a> for post with id 3. Then you'd do a query like this:
DELETE FROM group_posts WHERE id = postIdValueHere
Using the code pattern you have above:
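    if (isset($_POST['delete']) && $_POST['delete'] > 0) {
        // Cast both values to int before they are placed in the query string
        $current_user = (int) $_SESSION['user_id'];
        $post_id = (int) $_POST['delete'];
        // Match on the post id AND the session user, so only the author's own post is removed
        mysql_query("DELETE FROM group_posts WHERE id = $post_id AND user_id = $current_user") or die(mysql_error());
    }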
That query ensures that only posts with a given ID, created by the current author, can be deleted.
Does that answer your question?
Once you get more comfortable with SQL, you might also want to look into using prepared statements with mysqli or PDO. That will help keep your code clean and secure.
I'm assuming your delete buttons are simple links. Your links must contain all the information to delete a post. One way would be to pass a post id as a GET variable (e.g. link="myurl.com/posts/delete?id=#").
Your script would then first make sure the current user is allowed to delete the post. For example:
    $user_id = $_SESSION['user_id'];
    $post_id = (int) $_GET['id'];
    if (canDelete($user_id, $post_id))
    {
        // assuming post_id is unique for every post
        $sql = sprintf("DELETE FROM group_posts WHERE id = %d", $post_id);
        mysql_query($sql);
    }
Of course, you'd have to implement canDelete($user_id) yourself.
By the way, "DELETE FROM group_posts WHERE $current_user = $id" always deletes every record in your table. At first you're comparing if $current_user equals $id and if they do happen to be equal, your query would look something like WHERE 1 = 1. I think you mean "DELETE FROM group_posts WHERE user_id = '$id'".
EDIT: It seems you want to use ajax for deleting your posts. I recommend using jQuery or any other proper JavaScript framework as it saves you time. Here is a link from the jQuery documentation describing how to make an ajax call to the server and a similar question to help you understand better.
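The ownership check left to the reader in the second answer and the prepared statements suggested in the first, combined into one added example (not code from either answer). It assumes PDO with an in-memory SQLite database and constructed rows so that it runs offline; the PDO parameter on canDelete() and the deletePost() helper are hypothetical.

```php
<?php
// Added example: table and column names follow the question; the rows are constructed.

/** Hypothetical helper: true if post $postId exists and was written by $userId. */
function canDelete(PDO $db, int $userId, int $postId): bool
{
    $stmt = $db->prepare('SELECT 1 FROM group_posts WHERE id = ? AND user_id = ?');
    $stmt->execute([$postId, $userId]);
    return $stmt->fetchColumn() !== false;
}

/** Deletes one post; returns true only if a row owned by $userId was removed. */
function deletePost(PDO $db, int $userId, int $postId): bool
{
    if (!canDelete($db, $userId, $postId)) {
        return false;
    }
    // The owner condition is repeated in the DELETE itself, so the statement
    // cannot remove another user's row even if the check above is changed.
    $stmt = $db->prepare('DELETE FROM group_posts WHERE id = :id AND user_id = :uid');
    $stmt->execute([':id' => $postId, ':uid' => $userId]);
    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE group_posts (
    id INTEGER PRIMARY KEY, group_id INTEGER, user_id INTEGER, wall_posts TEXT)');
$db->exec("INSERT INTO group_posts (id, group_id, user_id, wall_posts) VALUES
    (1, 10, 7, 'first post by user 7'),
    (2, 10, 7, 'second post by user 7'),
    (3, 10, 9, 'post by user 9')");

$sessionUser = 7; // stands in for $_SESSION['user_id']

var_dump(deletePost($db, $sessionUser, 2)); // the user's own post
var_dump(deletePost($db, $sessionUser, 3)); // a post owned by user 9
var_dump(deletePost($db, $sessionUser, 2)); // a post that no longer exists

echo $db->query('SELECT COUNT(*) FROM group_posts')->fetchColumn(), " rows left\n";
```

The post id and user id reach the database only as bound parameters, so neither is ever concatenated into the SQL text.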