PHP MYSQL: User Delete his own post -

-

i have created forum people can register/login post topics , replies.

now added delete link next each topic if pressed go deletetopic.php , if user has created topic deleted, if not, didn't create topic.

this deletetopic.php

<?php session_start(); include("config.php");  if(!isset($_session['uid'])){             echo "<p><b>error: please log in delete topic.";         }  if(isset($_session['username'])) {     $uid = $_session['uid'];      $id=$_get['id'];      $query1=mysql_query("delete topics id='$id' , uid='$uid'");     if($query1){         header('location:index.php');     }     else{         echo "<p><b>error: didnt make topic.";     } }

it doesnt work, gives me else {error}

here tables:

create table `users` (   `id` int(11) not null auto_increment,   `firstname` varchar(255) not null,   `lastname` varchar(255) not null,   `email` varchar(255) not null,   `username` varchar(255) not null,   `password` varchar(100) not null,    primary key (`id`)  create table `topics` (   `id` int(11) not null auto_increment,   `categoryid` tinyint(4) not null,   `topictitle` varchar(150) not null,   `topiccreator` int(11) not null,   `topiclastuser` int(11) not null,   `topicdate` datetime not null,   `topicreplydate` datetime not null,   `topicviews` int(11) not null default '0',   primary key (`id`)

edit:

uid comes here think: login.php

if (isset($_post['username'])){      $username = $_post['username'];      $password = $_post['password'];      $sql = "select * users username='".$username."' , password='".$password."' limit 1";      $result = mysql_query($sql) or die(mysql_error());      if (mysql_num_rows($result) == 1){          $row = mysql_fetch_assoc($result);          $_session['uid'] = $row['id'];          $_session['username'] = $row['username'];          header("location: index.php");          exit();      }else{          echo "<p>invalid information. please return previous page.";          exit();      }  }

update

if(isset($_session['username']))  {      $uid = $_session['uid'];       $id=$_get['id'];            $check = mysql_query("select * topics id = '$id' , topiccreator = '$uid'");      if($check){          $query1=mysql_query("delete topics id='$id' , topiccreator='$uid'");          header('location:index.php');      }      else{          echo "<p><b>error: didnt make topic.";      }  }

still doesnt work, goes index

there no uid column in table topics, topiccreator:

$query1=mysql_query("delete topics id='$id' , topiccreator='$uid'");

you should consider comments left here changing mysql mysqli or pdo. , use of prepared statements prevent sql injections.

there problem. need check if user topiccreator before deleting topic.

$check = mysql_query("select * topics id = '$id' , topiccreator = '$uid'");  if($check){ // allow deletion } else{ // don't allow deletion }

Comments

Post a Comment

Popular posts from this blog

python - How to create jsonb index using GIN on SQLAlchemy? -

-
here's current code creating index jsonb. index("mytable_data_idx_id_key", mytable.data['id'].astext, postgresql_using='gin') but got error. sqlalchemy.exc.programmingerror: (psycopg2.programmingerror) data type text has no default operator class access method "gin" hint: must specify operator class index or define default operator class data type. [sql: "create index event_data_idx_id_key on event using gin ((data ->> 'id'))"] is there way create index on sqlalchemy? the postgresql specific sqlalchemy docs @ http://docs.sqlalchemy.org/en/latest/dialects/postgresql.html#operator-classes mention postgresql_ops dictionary provide "operator class" used postgresql, , provide example illustrating use: index('my_index', my_table.c.id, my_table.c.data, postgresql_ops={ 'data': 'text_pattern_ops', ...
Read more

PHP DOM loadHTML() method unusual warning -

-
i had following code works fine on localhost: $document = new domdocument(); $document->loadhtml($p_result); $form = $document->getelementsbytagname('form')->item(0); // code continues using $form variable after same code updated on outside server, loadhtml() failed , issued warning. warning: domdocument::loadhtml() expects parameter 1 valid path, string given in path/name/to/script.php returned null instead of object code pretty gets fatal error. note contents of $p_result absolutely same on outside server , on localhost. but why displays kind of warning , why not work? doesn't loadhtml() expects argument 1 string in first place? why method expects parameter 1 valid path ? just make clear i'm not calling loadhtmlfile() , i'm calling loadhtml() . thanks. you're affected one of php bugs . issue present in php 5.6.8 , 5.6.9. have affected php version on server, , bug-free version on localhost. the bug forbids null ...
Read more

c# - TransactionScope not rolling back although no complete() is called -

-
i'm using transactionscope rollback transaction fail bool errorreported = false; action<importerrorlog> newerrorcallback = e => { errorreported = true; errorcallback(e); }; using (var transaction = new transactionscope()) { foreach (importtaskdefinition task in taskdefinition) { loader.load(streamfile, newerrorcallback, task.destinationtable, processingtaskid); } if (!errorreported) transaction.complete(); } i'm sure there no transactionscope started ahead or after code. i'm using entity framework insert in db. regardless state of errorreported transaction never rolled in case of error. what missing ? transactionscope sets transaction.current . that's does. wants transacted must @ property. i believe ef each time connection opened reason. probably, connection open when scope installed. open connection inside of scope or enlist manually. ef has nasty "design decision": default opens ...
Read more