Jump to content

Deleting Post Script help...


ColdEdge
 Share

Recommended Posts

Ok, so I made a delete post script that requires to validate users id before deleting the post, but its not working here is the script..

<?php$topic = $_GET['id'];$post = $_GET['post'];$mysql = mysql_query("SELECT * FROM posts WHERE post_id = ".$_GET['post']." AND post_by = ".$_SESSION['user_id']."");$row = mysql_fetch_array($mysql);$postersId = $row['post_by'];$isOwner = $postersId;$isOwnerCheck = $row['post_by'];if($isOwner == $isOwnerCheck) {echo "<div style='padding:8px;background-color:#fae7af;'>Post Deleted!</div><br>";echo "Go back to the  » <a href='topic.php?id=".$topic."'>topic</a>.";$query = mysql_query("DELETE FROM posts WHERE post_id = '$_GET[post]'");} elseif($isOwner != $isOwnerCheck) {echo "<div style='padding:8px;background-color:#fae7af;'>You don't have required rights to delete this topic.</div><br>";echo "Go back to the  » <a href='topic.php?id=".$topic."'>topic</a>.";}?>

- Thanks in advance

Link to comment
Share on other sites

Ok, so I made a delete post script that requires to validate users id before deleting the post, but its not working here is the script..
When you say, "not working", what specifically isn't working? Are the 'topic' and 'post' variables being received but not acted on? Are you seeing any error messages?Also, I'm not sure but the two quotes at the end of this bit might be an issue:$_SESSION['user_id']."");
Link to comment
Share on other sites

@End Userthe quote issue is not the problem note this part ^^ mysql_query(" the problem is this if the user is not the poster of the post, his/her post should not be deleted by other members. However in my case there seems to be a problem with checking if the current user that is requesting to run action delete is truly the post owner. If the users ID dose not match post_by id in MySQL the post should not be deleted, but its still is deleted. The only members who can delete any ones posts are admins and staff but not any other user.

Link to comment
Share on other sites

$postersId = $row['post_by'];$isOwner = $postersId;$isOwnerCheck = $row['post_by'];

This code takes 3 lines to make 2 assignments, but if you look closely you will see that $isOwner and $isOwnerCheck will always have the same value ($row['post_by']), as BigDave pointed out. So your condition always returns true.

Link to comment
Share on other sites

It is hard for an outsider to know, since we do not know the structure of your table or the kinds of values stored there.Have you tested the value of $query, or looked for mysql errors after that value is returned? It is always good practice to test mysql return values.In older versions of PHP, this technique for interpolating array values was permitted:"DELETE FROM posts WHERE post_id = '$_GET'"I refer to this part: '$_GET'The technique is deprecated now and may be causing problems. Try using the recommended syntax:"DELETE FROM posts WHERE post_id='{$_GET['post']}'"Or simply concatenate your string the way you do for your first query. Something like:"DELETE FROM posts WHERE post_id='" . $_GET['post'] ."'"Have you even tested this query using literal values instead of variables? --just to make sure it works, I mean?

Link to comment
Share on other sites

O, I am terribly sorry for not providing all of the data here it isposts table structure

CREATE TABLE `posts` (  `post_id` int(8) NOT NULL auto_increment,  `post_content` text character set utf8 NOT NULL,  `post_date` datetime NOT NULL,  `post_topic` int(8) NOT NULL,  `post_by` int(8) NOT NULL,  PRIMARY KEY  (`post_id`),  KEY `posts_ibfk_1` (`post_topic`),  KEY `posts_ibfk_2` (`post_by`)) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=16;

delete.php code [updated still dosen't work >.<]

<?phpinclude 'connect.php';include 'header.php';function crunchy($input) {	$valid_input = mysql_escape_string($input);	return $valid_input;}$topic = crunchy($_POST['tid']);$post = crunchy($_GET['post']);$mysql = mysql_query("SELECT * FROM posts WHERE post_id = ".$post." AND post_by = ".$_SESSION['user_id']."");$row = mysql_fetch_array($mysql);$postersId = $row['post_by'];$isOwner = $postersId;$isOwnerCheck = $row['post_by'];if($isOwner == $isOwnerCheck) {echo "<div style='padding:8px;background-color:#fae7af;'>Post Deleted!</div><br>";echo "Go back to the  » <a href='topic.php?id=".$topic."'>topic</a>.";$query = mysql_query("DELETE FROM posts WHERE post_id='{$_GET['post']}'");} elseif($isOwner != $isOwnerCheck) {echo "<div style='padding:8px;background-color:#fae7af;'>You don't have required rights to delete this topic.</div><br>";echo "Go back to the  » <a href='topic.php?id=".$topic."'>topic</a>.";}include 'footer.php';?>

topic.php delete part

$topicID = $row['topic_id'];<form action="delete.php" method="post">					<input type="hidden" name="post" value="' . $posts_row['post_id'] . '" />					<input type="hidden" name="tid" value="' . $topicID . '" />					<input type="submit" name="confirm" value="Delete" style="float:right;padding:3px;font-size:11px;"/>					</form>

topics table

CREATE TABLE `topics` (  `topic_id` int(8) NOT NULL auto_increment,  `topic_subject` varchar(255) NOT NULL,  `topic_date` datetime NOT NULL,  `topic_cat` int(8) NOT NULL,  `topic_by` int(8) NOT NULL,  `topic_status` int(1) NOT NULL default '0',  `topic_cby` varchar(30) NOT NULL,  PRIMARY KEY  (`topic_id`),  KEY `topic_cat` (`topic_cat`)) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3;

With the new delete.php code I am getting this error only

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in D:\wamp\www\bbs\delete.php on line 15

However the Post Deleted! part is echoed out, but the post is not really deleted.

Link to comment
Share on other sites

However the Post Deleted! part is echoed out, but the post is not really deleted.
One thing I would recommend is having your code check the results of an action (like deleting a post) and then displaying a message indicating whether or not it succeeded. It's not really proper form to display a result message *prior* to the action it references. From what I can tell, it seems as though this line isn't doing what it's supposed to:$query = mysql_query("DELETE FROM posts WHERE post_id='{$_GET['post']}'");Just for grins, try this code and see what you get:
$post_id=$_GET['post'];print "POSTID: $post_id <br />";$query = mysql_query("DELETE FROM posts WHERE post_id='$post_id'");print "SQL:  DELETE FROM posts WHERE post_id='$post_id'";

I'm interested in seeing if the "post_id" is really making it to the query and this should show us that.

Link to comment
Share on other sites

The traditional way of checking data like that is something like this:var_dump ($_GET);Then you can examine all the GET data at once. Really, this is step one in any debugging process.It might also be worth wrapping your sql identifiers in backticks, as in:"DELETE FROM `posts` WHERE `post_id`='$post_id'"Some implementations don't care. Others won't work without them.

Link to comment
Share on other sites

The traditional way of checking data like that is something like this:var_dump ($_GET);Then you can examine all the GET data at once. Really, this is step one in any debugging process.
I know var_dump() would be the usual way to do this, but I didn't want to overwhelm him with what might be a lot of stuff to look through, I just wanted to focus on that one variable so he could see what it was doing. It seems like it's one of the key items here since the deletion isn't actually happening.
Link to comment
Share on other sites

@End Useryour code returned thisPOSTID: 16 SQL: DELETE FROM posts WHERE post_id='16' the post was deleted. But the other problem now is to check if the user who is requesting the delete post function is really the post owner. If not the script should cancel the user action and display specific message.

Link to comment
Share on other sites

Okay, good....the post_id is coming through correctly and the delete action is working. (I thought you said it wasn't deleting before?)So, to check that the user who is trying to delete the post is actually the post owner all you should need to do is check the "post_by" value of the post itself to see if that matches the $_SESSION['user_id'] , if I understand your table code correctly. Something like this, I would imagine:

if($_SESSION['user_id'] == $row['post_by']){// they are  the owner...   ....etc etc...}else{// not the owner...   ....etc etc...}

(Just my opinion, but I think you could do away with some of the extra "$isOwnerCheck" stuff, as long as you're legitimately checking that the user_id does indeed match the "post_by" value.)

the post was deleted. But the other problem now is to check if the user who is requesting the delete post function is really the post owner. If not the script should cancel the user action and display specific message.
Edited by End User
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...