I am on my 2nd day(16th hour) of trying to get my delete button to do what I want with PHP. I have a site that is a social network that has user profiles. Users can leave comments on another users profile. I am trying to put a delete link in a designated area that only shows up if you are viewing your own profile and goes away when you are viewing someone elses profile. I am also not wanting to make a delete confirm page. I want the page to reload with the comment selected to delete gone, and be sent to my db marked as dead. This is what I have so far:
<?php
$query = "SELECT * FROM `ProfileComments` WHERE `ToUserID` = '".$prof->id."' ORDER BY `date` DESC, `time` DESC LIMIT 10";
$request = mysql_query($query,$connection);
while($result = mysql_fetch_array($request)) {
$poster = new User($result['FromUserID']);
echo "<div id='CommentProfile'>";
echo "<div id='CommentPhotoProfile'>";
echo "<a href='http://www.blah.org/Profile.php?id=".$poster->id."'>";
echo "<img src='" . $poster->img('mini') . "' border='0'/>";
echo "</a>";
echo "</div>";
echo "<div id='ProfileCommentBody' class= 'round_10px'>";
echo "<div id='CommentNameProfile'>";
echo "<div class='ProfileCommentTail'> </div>";
echo "<a href='http://www.blah.org/Profile.php?id=".$poster->id."'>";
echo $poster->first_name. " ". $poster->last_name. " <span style='font-weight:normal'>says...</span>";
echo "</a>";
echo "</div>";
echo stripslashes(nl2br($result['commentProfileBody']));
echo "<div id='CommentInfoProfile'>";
echo date('M d, Y',strtotime($result['date']));
echo " at " . date('g:i A',strtotime($result['time']));
if ($poster->id == $prof->id)
echo "<a href='http://www.blah.org/DeleteComment.php?id=".$prof->id."'>";
echo " delete";
echo "</a>";
echo "</div>";
echo "</div>";
echo "</div>";
}
?>
do I need to make a seperate query underneath the one I already have that is for the composition of the comments?
do I need to add on to that query?
how do I make the delete button only appear when the user is looking at their own page?
how do I make the page reload with the comment gone after I selected it deleted and mark it dead in the db?
thank you in advance
Be careful if all you do after authorization of the delete privilege is then hide or not hide a button.
If users figure out another way to invoke the delete action, that kind of authorization checking won't work. For example, if your implementation uses a "delete URL" that encodes the delete command, and your button merely POSTs to that URL, then when the button is hidden, a user could manually post the delete command.
Fill in your variables:
if ($current_user_id == $profile_user_id)
echo 'delete';
This is toatlly lame, code, but just a random thought since you are really giving us nothing to work with.
Take it for what it is:
function getPageUserID()
{
return $_GET['userID'];
}
if ($user->userID == getPageUserID())
{
//show delete button
echo '<button value="Delete">Delete</button>';
}
Related
So currently, I'm making a music database online. The part I'm trying to implement is a playlist function so that given a list of your playlists, you can click one and view the music. What I have is this:
if($result = mysqli_query($link, $playlist))
{
if(mysqli_num_rows($result) > 0)
{
echo "<h1 style='text-align:center;'>Playlists</h1>";
echo "<table style='width:100%'>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . '<a href="getPlaylist.php>' . $row['name']."</td>";
echo "</tr>";
}
echo "</table>";
mysqli_free_result($result);
So I need it so that once someone clicks the link, it will transition them into getPlayList.php and also send over the name in the link, (technically $row['name']) so that I can actually pull up the information in the SQL database. I've tried doing things like:
echo "<td>" . '<a href="getPlaylist.php?link=' . $row["name"]. '">' . $row['name']."</td>";
but to no avail. Can anyone help?
edit:
So what this segment is supposed to do is, it makes a table with each row having a link to a different playlist, but they all go to "getPlaylist.php" where using the name of the link clicked, it will then retrieve all the songs that exist inside it.
edit: solved thanks to RamRaider
I had to use $_GET['link'] in getPlaylist.php
I have this piece of code below. It displays the image and name of all the entries in a table in my database. The name is set up to become a hyperlink.Is it possible to make it so when one specific name is clicked that data for only that specific name will be displayed on the page you are sent to?
So for example if I select the first entry that is displayed back "mealname1" and it takes me to the showrecipe.php page, can I make it so I can display all the data I have for "mealname1" and only "mealname1". I'm really lost, I have scoured the internet and my php books but can't find anything to that is relevant.
If there is no way of doing it is there an obvious solution that I am missing?... I am very much a novice to this... thanks for your help guys.
<?php
require("db.php");
$prodcatsql = "SELECT * FROM recipes";
$prodcatres = mysql_query($prodcatsql);
$numrows = mysql_num_rows($prodcatres);
if($numrows == 0)
{
echo "<h1>No Products</h1>";
echo "There are no recipes available right now.";
}
else
{
echo "<table id='recipetable'>";
while($prodrow = mysql_fetch_assoc($prodcatres))
{
echo "<tr>";
if(empty($prodrow['image'])){
echo "<td><img
src='./images/No_image.png' alt='"
. $prodrow['mealname'] . "'></td>";
}
else {
echo "<td><img src='./images/".$prodrow['image']
. "' alt='"
. $prodrow['mealname'] . "'></td>";
}
echo "<td>";
echo ''.$prodrow['mealname'].'';
echo "</td>";
echo "</tr>";
}
echo "</table>";
}
?>
Change the query to
SELECT * FROM recipes WHERE mealname='$mealname' LIMIT 1;
You can remove "LIMIT 1" if you want but this makes sure you will only get 1 or 0 row back. Don't forget to escape the string.
So I have looked through many of the other questions posted but none seemed to properly answer my question.
I currently have a php script that reads rows from a database and runs a loop to display the info of each row in a html div.
The issue I am now having is that in each "card" of info previously loaded there has a picture. And when the picture is clicked I need to load a different file names listing.html. The problem is that depending on which picture is clicked on I want to load different information based on which listing was clicked on. I looked into using sessions but since i dynamically load all of the pictures in one loop I do not know a way to differentiate between them.
here is the code I currently have that loads all the info from the database.
$query = "SELECT * FROM Listings ORDER BY OrderNumber";
if ($result = mysqli_query($con, $query))
{
while ($row = mysqli_fetch_row($result))
{
echo "<div class ='listing'>";
echo "<a href='listing.html'>";
echo "<img src=$row[2] alt='' width='60%' align='left' >";
echo "</a>";
echo "<span style = 'font-size: 25px;'>";
echo $row[4];
echo "</span>";
echo "<br>";
echo "<br>";
echo "MLS Number: #";
echo $row[1];
echo "<br>";
echo "<br>";
echo "<b>Open House Details: </b>";
echo $row[6];
echo "<br>";
echo "<br>";
echo $row[5];
echo "<br>";
echo "<br>";
echo "<a href='";
echo $row[9];
echo "' style='color: #8a0b0b; font-weight: bold; font-style: italic; font-size: 18px;' target='_blank'>Virtual Tour</a>";
echo "<div class='listingPrice'>";
echo "$ ";
echo $row[7];
echo "</div>";
echo "</div>";
}
mysqli_free_result($result);
}
I need some way that when the a tag is clicked to first be able to discern which picture was clicked then probably make a session variable with the corresponding row.
When you output the link, include a query string value from the row in the data. Something like this:
echo "<a href='listing.html?id=" . row[0] . "'>";
(I'm just guessing on the row[0] part, it would be any identifier which uniquely identifies that record.) That way all of the links would have the data you need on the listing.html page embedded directly in them. (Shouldn't it be listing.php?)
So on the page being referenced, the value would then be available in the query string. Something like this:
$_GET["id"]
There really isn't a need for session state in this case, if all you need to know is which record was clicked then that information can be placed directly in the link. This reduces coupling in the code, keeps the links a little more RESTful, even lets people bookmark the link directly if they want to.
I have table with items and for each item there is an option for user to delete and restore it. And there is special php file for it 'delete.php'.
print "<td>";
if ($row['deleted'] == 'y') {
print "<a href='delete.php?id=2'>Undeleted</a> ";
}
if ($row['deleted'] == 'n') {
print "<a href='delete.php?id=1'>Deleted</a> "; //'$_GET['id']'
}
print "</td>"
My question is how can I get the id of item that user clicked and send it to 'delete.php'?
So instead of
"<a href='delete.php?**id=2**'>Undeleted</a> ";
there should be something like:
"<a href='delete.php?**$_GET['id']'**'>Undeleted</a> ";
or
"<a href='delete.php?**<?php $_GET['id'] ?>**'>Undeleted</a> ";
but in second example it doesn't make sense php inside php. I think I probably just don't know correct syntax.
what's wrong with
echo "<a href='delete.php?id=$_GET[id]'>Undeleted</a>";
?
or, in somewhat more modern terms:
echo <<<EOL
Undeleted
EOL;
If you just want to send the id to delete.php, just keep your HTML part as it is :
print "<td>";
if ($row['deleted'] == 'y') {
print "<a href='delete.php?id=2'>Undeleted</a> ";
}
if ($row['deleted'] == 'n') {
print "<a href='delete.php?id=1'>Deleted</a> "; //'$_GET['id']'
}
print "</td>"
Inside delete.php, Access the id as :
$id = $_GET['id']
If you want to tell the delete.php whether to delete or restore the item, you might want to add another param to the URL like delete.php?id=1&action=d or delete.php?id=1&action=u
Now, if your id comes from a GET parameter of the above file like file.php?id=1, you will have to access it like -
print "<a href='delete.php?id={$_GET[id]}'>Undeleted</a> ";
Make sure that you sanitize and escape this id value before using it in the query.
I have a link/page 'myfiles.php' which shows the details of the file that a certain user uploaded. But after clicking again/entering the 'myfiles.php' into the address bar, the records are gone in the page. What's supposed to be the solution? Please help. Thanks. Here's my code:
while ($row=mysql_fetch_array($query)) {
$row1 = $row['name'];
$row2 = $row['size'];
$row3 = $row['type'];
$delfile = "<a href='deletefile.php?file=$row1'>Delete file</a>";
$dlfile = "<a href='download.php?file=$row1'>Download</a> ";
echo "<p>";
echo $row1;
echo "<br>";
echo $row2;
echo "<br>";
echo $row3;
echo "<br>";
echo $dlfile;
echo $delfile;
}
Are you using some sort of browsing accelerator and donĀ“t you have a deletion confirmation?
It seems your browser is requesting all links on your page and deleting your records.
If you want to delete, insert, update, etc. records in a database, it is a very good idea to use POST instead of GET (like a clickable link), so you would have to add a form around every entry that posts the data to the server. You can of course skip this, but then you definitely need a POST based deletion confirmation.
I am assuming that $usersess is not changing? If this is dependent on a session or cookie - you should check that it is not expiring or being destroyed.
$query = mysql_query("SELECT * FROM uploadedfiles WHERE username='$usersess' ");
while ($row = mysql_fetch_array($query)) {
$delfile = "Delete file";
$dlfile = "Download ";
echo "<p>{$row['name']}<br>
{$row['size']}<br>
{$row['type']}<br>
{$dlfile}{$delfile}</p>";
}