Jump to content

Verifying correct user before deleting from mysql database

kevinw72

By kevinw72
in PHP Coding Help

 Share

Recommended Posts

kevinw72 Newbie

kevinw72

Posted
Posted

I have a membership site where members can add information about certain things.  They have the ability to delete things they add as well.  I have a page set up where users can delete an item by clicking a link. That link is collection.php?remove=ID (ID being a value in a mysql database).

 

The script works fine and does what it's supposed to, but anyone who is logged in can simply go to collection.php?remove=ID and delete it from the mysql database when they are not the member who created the information. How can I recode this to first check that the person who is logged in and deleting the information is the one who created the information. I don't want just anyone to delete, only the person who created it in the first place.

 

There are values in the mysql database that links each piece of information to the person who added it, I just don't know how to verify that the person who created it is the person who is deleting it.

 

Below is a snippet of the code which deletes from the mysql database when a user goes to collection.php?remove=ID

 

if(isset($_GET['remove'])) { 

$remove = $_GET['remove'];

	$sql = "DELETE from `collection` WHERE `id`=".$remove.";";
		$query = mysql_query($sql);
		header('Location: collection.php?remove=true');
		exit();

 

Sorry for not being more thorough. I hope someone can understand and provide some feedback. Any help would be appreciated.

 

Thank you.

bobert5696 Newbie

bobert5696

Posted
Posted

In the table is there a column for who created the content? Assuming that was a user id, just surround it with an if statement like

if(getCurrentUser() == getAuthorId($id) {
//code that deletes it here

}

function getCurrentUser() {
//code to return the user id of the current user
}

function getAuthorId(int $id) {
//code to return the user id of the article with the given id
}

 

Fairly sure something like that would work. I've been working primarily with java recently so I apologize if there are any syntax errors though, switching back and forth has been hellish on the brain for me.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.