I have a script that allows me to post comments, but when i try to delete that comment i get a error message telling me that a specific variable is undefined. I refresh the page and try again, and suddently it works.
template_test.php
<?php
if($author == $log_username || $account_name == $log_username ){
$statusDeleteButton = '<span id="sdb_'.$statusid.'"><a href="#" onclick="return false;" onmousedown="deleteStatus(\''.$statusid.'\',\'status_'.$statusid.'\',\''.$DB_table.'\');" title="DELETE THIS STATUS AND ITS REPLIES">delete status</a></span> ';
}
?>
<script>
function deleteStatus(statusid,statusbox,document){
var ajax = ajaxObj("POST", "php_parsers/status_system2.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) === true) {
if(ajax.responseText === "delete_ok"){
// remove the div all of the tekst is inside, the textarea and the reply button
_(statusbox).style.display = 'none';
_("replytext_"+statusid).style.display = 'none';
_("replyBtn_"+statusid).style.display = 'none';
} else {
alert(ajax.responseText);
}
}
}
ajax.send("action=delete_status&statusid="+statusid+"&document="+document);
};
</script>
php_parsers/status_system2.php
<?php
// fires of when the someone deletes a thread
if (isset($_POST['action']) && $_POST['action'] == "delete_status" && !empty($_POST['document'])){
if(!isset($_POST['statusid']) || $_POST['statusid'] == ""){
echo "status id is missing";
exit();
}
// sanitize the inserted status id
$statusid = preg_replace('#[^0-9]#', '', $_POST['statusid']);
// check to see which page the user is on, then give different variables that contain different DB tables
// check to see whether or not the user replied to a status from user.php or watch.php
if($_POST['document'] == "comments") // this means the user replied within watch.php
{
$DB_table = "comments";
}
else if($_POST['document'] == "status") // this mean that the user replied within user.php
{
$DB_table = "status";
}else{
echo 'Error: this is an unexpected situation. What is happening? ' . $_POST['document'];
}
// Check to make sure the person deleting this reply is either the account owner or the person who wrote it
if($DB_table == null){
echo 'Can\'t look up nuthin';
}else{
// Check to make sure the person deleting this reply is either the
//account owner or the person who wrote it
$sql = "SELECT account_name, author FROM $DB_table WHERE id='$statusid' LIMIT 1";
$query = mysqli_query($con, $sql);
while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
$account_name = $row["account_name"];
$author = $row["author"];
}
}
// delete the thread and it replies with the same osid
if ($author == $log_username || $account_name == $log_username) {
$sql = "DELETE FROM $DB_table WHERE osid='$statusid'";
mysqli_query($con, $sql);
echo "delete_ok";
exit();
}
}
?>