Leaderboard

Popular Content

Showing content with the highest reputation on 06/27/2023 in all areas

  1. in real life, data is almost never actually deleted. it is just UPDATEd to mark it as deleted, then it is excluded from most database operations, using a table view. you may want to restore it at some point, or, by keeping a history, you can detect nefarious activity by users. you would use a POST method form when deleting data, not a link. the way to accomplish the operation you are asking about is straightforward. you would enforce ownership or administrator-ship, by only outputting the delete form, with a hidden field containing the id of the data, and enabling the delete form processing code, if the currently logged in user's id matches the owner id of the data or the currently logged in user is an administrator (assuming the system has user roles.)
    1 point
  2. You're going to need to set up some kind of security check. Here's an example:

     ```php
     function check_security($id) {
         // Example of PHP Connection
         $db = new PDO('mysql:host=localhost;dbname=your_database', 'username', 'password');

         $sql = "SELECT security FROM user_table WHERE id=:id LIMIT 1";
         $stmt = $db->prepare($sql);

         // Bind the named parameter :id to the value $id
         $stmt->bindParam(':id', $id, PDO::PARAM_INT);
         $stmt->execute();

         // Fetch the result as an associative array
         $result = $stmt->fetch(PDO::FETCH_ASSOC);

         if ($result && $result['security'] === 'admin') {
             return true;
         }
         return false;
     }
     ```

     then simply

     ```php
     // Check if the user has admin security by calling the check_security function
     if (check_security($id)) {
         // If the function returns true, echo out an HTML anchor tag that leads to delete-post.php
         // The id of the row to delete is passed in the query string of the URL
         // Inside the anchor tag is a button with the class btn3 and the text DELETE
         echo '<a href="delete-post.php?id='.$row['id'].'"><button class="btn3">DELETE</button></a>';
     }
     ```

     You will still need to check the delete-post.php in order to stop someone from directly accessing that file. This is just a quick example and you can even do that for the original user - just check to see if the user's id for the post matches the original poster's id. Just set up an additional column like user_id in the database table that contains the posts (if you haven't already done so).
    1 point
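
As an added example that is not from either post above, here is the server-side check both posts call for: a POST-only handler for delete-post.php that re-checks owner or administrator status and soft-deletes with an UPDATE. The `posts`, `deleted_at`, `deleted_by` and `live_posts` names, the function names and the in-memory SQLite sample rows are assumptions constructed for illustration.

```php
<?php
// Added example. Assumed names: posts, deleted_at, deleted_by, live_posts.
// user_table.security and posts.user_id follow the second post above.

function is_admin(PDO $db, int $userId): bool
{
    $stmt = $db->prepare('SELECT security FROM user_table WHERE id = :id LIMIT 1');
    $stmt->execute([':id' => $userId]);
    return $stmt->fetchColumn() === 'admin';
}

// Soft delete: the row is UPDATEd, not removed, and the owner/admin rule is
// re-checked on the server no matter which page displayed the form.
function soft_delete_post(PDO $db, int $postId, int $userId): bool
{
    $stmt = $db->prepare('SELECT user_id FROM posts WHERE id = :id AND deleted_at IS NULL');
    $stmt->execute([':id' => $postId]);
    $owner = $stmt->fetchColumn();
    if ($owner === false) return false;  // missing or already deleted
    if ((int) $owner !== $userId && !is_admin($db, $userId)) return false;  // not owner, not admin
    $upd = $db->prepare('UPDATE posts SET deleted_at = :now, deleted_by = :uid
                          WHERE id = :id AND deleted_at IS NULL');
    $upd->execute([':now' => gmdate('c'), ':uid' => $userId, ':id' => $postId]);
    return $upd->rowCount() === 1;
}

// What delete-post.php would run; returns the HTTP status to send.
function handle_delete(PDO $db, string $method, array $post, array $session): int
{
    if ($method !== 'POST') return 405;             // a link (GET) never deletes
    if (!isset($session['user_id'])) return 401;    // not logged in
    $postId = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($postId === false) return 400;              // id missing or not an integer
    return soft_delete_post($db, $postId, (int) $session['user_id']) ? 200 : 403;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE user_table (id INTEGER PRIMARY KEY, security TEXT)');
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, user_id INTEGER, deleted_at TEXT, deleted_by INTEGER)');
$db->exec('CREATE VIEW live_posts AS SELECT id, user_id FROM posts WHERE deleted_at IS NULL');
$db->exec("INSERT INTO user_table VALUES (1, 'admin'), (2, 'user'), (3, 'user')");
$db->exec('INSERT INTO posts (id, user_id) VALUES (10, 2), (11, 2)');

echo handle_delete($db, 'GET',  ['id' => '10'], ['user_id' => 2]), "\n"; // owner, but via a link
echo handle_delete($db, 'POST', ['id' => '10'], ['user_id' => 3]), "\n"; // another user's post
echo handle_delete($db, 'POST', ['id' => '10'], ['user_id' => 2]), "\n"; // owner
echo handle_delete($db, 'POST', ['id' => '11'], ['user_id' => 1]), "\n"; // administrator
echo $db->query('SELECT COUNT(*) FROM live_posts')->fetchColumn(), "\n"; // rows still visible
```

The authorization decision lives in `soft_delete_post()`, so hiding or showing the delete form only affects the interface; a request sent straight to the handler is held to the same rule.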
This leaderboard is set to New York/GMT-05:00