I am on my 2nd day (16th hour) of trying to get my delete button to do what I want with PHP. I have a site that is a social network that has user profiles. Users can leave comments on another user's profile. I am trying to put a delete link in a designated area that only shows up if you are viewing your own profile and goes away when you are viewing someone else's profile. I am also not wanting to make a delete confirm page. I want the page to reload with the comment selected to delete gone, and be sent to my db marked as dead. This is what I have so far:

           <?php

           $query = "SELECT * FROM `ProfileComments` WHERE `ToUserID` = '".$prof->id."' ORDER BY `date` DESC, `time` DESC LIMIT 10";

           $request = mysql_query($query,$connection);

           while($result = mysql_fetch_array($request)) {

           $poster = new User($result['FromUserID']);

           echo "<div id='CommentProfile'>";
           echo "<div id='CommentPhotoProfile'>";
           echo "<a href='http://www.blah.org/Profile.php?id=".$poster->id."'>";
           echo "<img src='" . $poster->img('mini') . "' border='0'/>";
           echo "</a>";
           echo "</div>";
           echo "<div id='ProfileCommentBody' class= 'round_10px'>";
           echo "<div id='CommentNameProfile'>";
           echo "<div class='ProfileCommentTail'>&nbsp;</div>";
           echo "<a href='http://www.blah.org/Profile.php?id=".$poster->id."'>";
           echo $poster->first_name. " ". $poster->last_name. " <span style='font-weight:normal'>says...</span>";
           echo "</a>";
           echo "</div>";
           echo stripslashes(nl2br($result['commentProfileBody']));
           echo "<div id='CommentInfoProfile'>";
           echo date('M d, Y',strtotime($result['date']));
           echo " at " . date('g:i A',strtotime($result['time']));
           if ($poster->id == $prof->id)
           echo "<a href='http://www.blah.org/DeleteComment.php?id=".$prof->id."'>";
           echo " delete";
           echo "</a>";
           echo "</div>";
           echo "</div>";
           echo "</div>";
           }

           ?>

Do I need to make a separate query underneath the one I already have that is for the composition of the comments? Do I need to add on to that query? How do I make the delete button only appear when the user is looking at their own page? How do I make the page reload with the comment gone after I selected it deleted and mark it dead in the db?

Thank you in advance.

+2  A: 

Be careful if all you do after authorization of the delete privilege is then hide or not hide a button.

If users figure out another way to invoke the delete action, that kind of authorization checking won't work. For example, if your implementation uses a "delete URL" that encodes the delete command, and your button merely POSTs to that URL, then when the button is hidden, a user could manually post the delete command.

Heath Hunnicutt
Thanks, that is great to know, but I still have a way before I get there. I need to figure out how to get that to work and then I will worry about that.
Ralph The Mouf
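
What the endpoint behind the delete control has to enforce for the warning in this answer to be covered, as an added example (not code from any poster on this page); it marks the row dead instead of deleting it, as the question asks. The session keys `user_id` and `csrf`, the form fields `comment_id` and `csrf`, the columns `id` and `dead`, and the database credentials are assumptions.

```php
<?php
// DeleteComment.php: added example, not the asker's code.
// Assumed names: session keys 'user_id' and 'csrf', columns `id` and `dead`.
session_start();

// Soft-delete one comment, but only if it sits on $ownerId's profile.
// Ownership is part of the WHERE clause, so a forged request for a
// comment on someone else's profile matches zero rows.
function markCommentDead(PDO $db, int $commentId, int $ownerId): bool
{
    $stmt = $db->prepare(
        'UPDATE `ProfileComments` SET `dead` = 1
          WHERE `id` = :cid AND `ToUserID` = :owner AND `dead` = 0'
    );
    $stmt->execute([':cid' => $commentId, ':owner' => $ownerId]);
    return $stmt->rowCount() === 1;
}

function deny(int $status): void
{
    http_response_code($status);
    exit;
}

// State-changing requests arrive by POST, not through a plain GET link.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') deny(405);

// Identity comes from the server-side session, never from the request.
if (!isset($_SESSION['user_id'], $_SESSION['csrf'])) deny(403);

// Anti-CSRF token that the profile page put in the delete form.
if (!hash_equals($_SESSION['csrf'], (string) ($_POST['csrf'] ?? ''))) deny(403);

$commentId = filter_input(INPUT_POST, 'comment_id', FILTER_VALIDATE_INT);
if (!is_int($commentId)) deny(400);

// Placeholder DSN and credentials.
$db = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'user', 'pass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

$ownerId = (int) $_SESSION['user_id'];
if (!markCommentDead($db, $commentId, $ownerId)) deny(403); // not the owner, or already dead

// Reload the owner's profile (relative redirect, status 303 See Other).
header('Location: Profile.php?id=' . $ownerId, true, 303);
exit;
```

The profile page's SELECT then needs an added `dead = 0` condition so marked comments stop rendering, and the delete control has to submit the comment's own id rather than the profile id.
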
+2  A: 

Fill in your variables:

    if ($current_user_id == $profile_user_id)
        echo '<a href="deletelink">delete</a>';

Franz
Sweet, thanks man. How do I make the "deletelink" actually delete the comment (code) and send it marked as dead to the db?
Ralph The Mouf
Ralph, it seems like you might be looking for RentACoder.com
Heath Hunnicutt
The SQL query will look something like this: DELETE FROM comments WHERE id=#commentId#
Franz
Thanks for the encouragement, Heath. I thought this site was supposed to be about people helping others out, not arrogant trash talking.
Ralph The Mouf
He's not trashing you, but he's right as far as this site is not about getting your coding done here. However, if you need any more help, contact me at franz -at- develophp.<the domain that's used for organizations>
Franz
I'm not trying to get my coding done, I'm stuck on a single function and am trying to get advice from experienced developers. Is that not what this site is for? If not, what am I supposed to ask?
Ralph The Mouf
Did you make the site yourself? Because I think it's somewhat strange that you _can_ make the functionality of adding comments but not of deleting them. I could be mistaken of course. If you're using a framework or a CMS, by all means let us know, so we can help you better.
Niels Bom
Yes, I did make it from scratch using HTML, CSS and PHP; however, I am new and had a deadline, so a friend helped me out with some of the PHP stuff. I am still learning and there is some stuff I am fumbling with, so if you find it strange, or think I should go to "rent-a-coder", please keep it to yourself, because as far as I understand one of the purposes of this site is for new developers like me to get advice from more experienced developers who WANT to share their knowledge. If you don't, totally cool, but please keep it to yourself. Thank you.
Ralph The Mouf
+1  A: 

This is totally lame code, but just a random thought since you are really giving us nothing to work with. Take it for what it is:

    function getPageUserID()
    {
        return $_GET['userID'];
    }
    if ($user->userID == getPageUserID())
    {
        //show delete button
        echo '<button value="Delete">Delete</button>';
    }

Zak