Search code examples
phpmysqlsocial-networkingsql-delete

Status delete.php function

I have the button working, when I click the X button on my status it takes me to delete.php shows me the link in the browser and the streamitem_id number like so.

Here is the button 

echo '<a href="mysiteraw/sn-extend/theme/default/delete.php?='.$streamitem_data['streamitem_id'].'" onclick="show_confirm() alt="Delete" title="Delete" class="delete">X</a>&nbsp;&nbsp;&nbsp;&nbsp;';

And the link it gives out

my site /raw/sn-extend/theme/default/delete.php?=1516

I then see on this page 'cannot find comment' So can anyone help me with the delete.php page please?

Here is my SQL

CREATE TABLE IF NOT EXISTS on_streamdata ( streamitem_id int(11) NOT NULL auto_increment,
streamitem_type_id int(11) NOT NULL, streamitem_creator int(11) NOT NULL, streamitem_target int(11) NOT NULL, streamitem_timestamp datetime NOT NULL, streamitem_content varchar(5000) NOT NULL,
streamitem_public int(11) NOT NULL, streamitem_interactionallowed int(11) NOT NULL default '1',
streamitem_isgroupie int(11) NOT NULL default '1', streamitem_viaid int(11) NOT NULL default '0',
PRIMARY KEY (streamitem_id) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1953 ;

And here is my delete.php which is probably completely wrong as I'm new to PHP/MySql..Sorry

<?php
error_reporting (E_ALL ^ E_NOTICE);

$id=$_GET['id'];
$ipuser=getenv('REMOTE_ADDR');

//Connect to server and select databse.
mysql_connect("localhost", "", "")or die("cannot connect to server"); 
mysql_select_db("")or die("cannot select DB");;
$querycheck="SELECT streamitem_id FROM on_streamdata WHERE streamitem_id='$id'";
$resultcheck=mysql_query($querycheck);
$num=mysql_numrows($resultcheck);
if ($num==0) {
?>
<br>Comment not found.<br>
<br><br>
<a href="javascript: history.go(-1)">Back</a><br>
<?
} else {
$ip=mysql_result($resultcheck,0,"streamitem_id");
if ($ip==$ipuser) {

?>
<form method="post">
<p align="center">
Are you sure you want to delete this comment?
<input type="hidden" name="confirm" value="1">
<br>
<input type="Submit" value="Delete">
</form>
<?
$confirm=$_POST['confirm'];

if ($confirm==1) {


$query=" DELETE streamitem_id FROM on_streamdata WHERE streamitem_id='$id'";
mysql_query($query);
echo "<br>Comment Deleted.<br>";

?>
<br><br>
<a href="javascript: history.go(-2)">Back</a><br>
<?
} else {

?>
<br><br>
<a href="javascript: history.go(-1)">Back</a><br>
<?
}

} else {
?>
<br>You are not allowed to delete this comment.<br>
<br><br>
<a href="javascript: history.go(-1)">Back</a><br>
<?
}
}
mysql_close();
Solution

  • Ok, first you don't pass any variable via the url query string here

    echo '<a href="mysiteraw/sn-extend/theme/default/delete.php?PUT_SOME_NAME_HERE='.$streamitem_data['streamitem_id'].'" onclick="show_confirm() alt="Delete" title="Delete" class="delete">X</a>&nbsp;&nbsp;&nbsp;&nbsp;';

    Hint: on next page you search for $_GET['id'], so I presume you should put id instead of PUT_SOME_NAME_HERE in above example :)

    Try that and share results.

    In your code example, there is also missing database selection and passing of mysql user/password. Do you remove them in purpose just to not show sensitive information here?