how would i


ccrevcypsys

I have a comment system on my web site, and I need to be able to edit a comment if it is one of my own comments. For example, I posted a comment and wish to edit or delete it. How would I get this to work if I don't want other people deleting mine or other people's messages?

Here is the code I am using.

                <table width="100%" border="0" cellspacing="0" cellpadding="4" class="tblList">
                  <tr class="songTitle">
                    <td width="20%">Time</td>
                    <td width="30%">Comment</td>
                    <td width="20%">Mood</td>
                    <td width="20%">Customer</td>
                    <td width="20%">Delete\Edit</td>
                  </tr>
                  <?php 
                  if($results == TRUE){
                    
                    for ($i=0; $i<count($results); $i++){ 

                  ?>
                  <tr>
                    <td align="center" class="tdlisting"><span class="copyText"><?php echo $results[$i]['time']; ?></span></td>
                    <td align="center" class="tdlisting"><span class="copyText"><?php echo $results[$i]['comment']; ?></span></td>
                    <td align="center" class="tdlisting"><span class="copyText"><?php echo $results[$i]['mood']; ?></span></td>
                    <td align="center" class="tdlisting"><span class="copyText">
<?php echo $results[$i]['customer_id']; ?></span></td>
                     <?php if($_GET['customer_id']==$db->mySQLSafe($_POST['edit']) ){ ?>
                    <td align="center" width="10%" class="tdlisting"><a href="?delete=<?php echo $results[$i]['comment_id']; ?>" class="txtLink">Delete</a>\<a href="?edit=<?php echo $results[$i]['comment_id']; ?>&customer_id=<?php echo $results[$i]['customer_id']; ?>&productId=<?php echo $results[$i]['productId']; ?>&comment_id=<?php echo $results[$i]['comment_id']; ?>" class="txtLink">Edit</a>
                    </td>
				<?php }else{ echo 
				'<td align="center" width="10%" class="tdlisting">
				Nope!
				</td>';}?>
                   </tr> 
                   <?php } // end loop ?>
                  </table>

Link to comment
Share on other sites

Have you already a login system in place? If so, all you need do is validate your login credentials against the owner of the comment, e.g.:

 

<?php

  // compare the logged-in user's id with the id of the comment's owner
  if ($_SESSION['uid'] == $row['comments_user_id']) {
    // edit.
  } else {
    echo "you are not permitted to edit this comment";
  }

?>

Link to comment
Share on other sites

So I changed it to this:

                 <?php if($_SESSION['customer_id'] == $row['customer_id'] ){ ?>
<td align="center" width="10%" class="tdlisting">
<a href="?delete=<?php echo $results[$i]['comment_id']; ?>" class="txtLink">Delete</a>\<a href="?edit=<?php echo $results[$i]['comment_id']; ?>&customer_id=<?php echo $results[$i]['customer_id']; ?>&productId=<?php echo $results[$i]['productId']; ?>&comment_id=<?php echo $results[$i]['comment_id']; ?>" class="txtLink">Edit</a>

But it still loaded up the edit button and delete button for customer #33, and I'm customer #31.

 

Link to comment
Share on other sites

OK, well, I tried that, and I also tried to make the "$row" $results[$i]['customer_id'], but now it won't let me edit or delete again. When I did the if($_SESSION['customer_id'] == $row['customer_id']) it showed the edit/delete, but it let me edit everyone's from a customer acct.

Link to comment
Share on other sites

Maybe

 

see comments

                <table width="100%" border="0" cellspacing="0" cellpadding="4" class="tblList">
                  <tr class="songTitle">
                    <td width="20%">Time</td>
                    <td width="30%">Comment</td>
                    <td width="20%">Mood</td>
                    <td width="20%">Customer</td>
                    <td width="20%">Delete\Edit</td>
                  </tr>
                  <?php 
	 //updated
                  if($results > 0){
                    
                    for ($i=0; $i<count($results); $i++){ 

                  ?>
                  <tr>
                    <td align="center" class="tdlisting"><span class="copyText"><?php echo $results[$i]['time']; ?></span></td>
                    <td align="center" class="tdlisting"><span class="copyText"><?php echo $results[$i]['comment']; ?></span></td>
                    <td align="center" class="tdlisting"><span class="copyText"><?php echo $results[$i]['mood']; ?></span></td>
                    <td align="center" class="tdlisting"><span class="copyText">
<?php echo $results[$i]['customer_id']; ?></span></td>
                     <?php
				 //changed
				 //if($_GET['customer_id']==$db->mySQLSafe($_POST['edit']) )
				 //I think.. kinda hard to read your code
				 if($_GET['customer_id']==$db->mySQLSafe($_POST['edit']) && $_GET['customer_id']==$results[$i]['customer_id'] )
				 { ?>
					<td align="center" width="10%" class="tdlisting"><a href="?delete=<?php echo $results[$i]['comment_id']; ?>" class="txtLink">Delete</a>\<a href="?edit=<?php echo $results[$i]['comment_id']; ?>&customer_id=<?php echo $results[$i]['customer_id']; ?>&productId=<?php echo $results[$i]['productId']; ?>&comment_id=<?php echo $results[$i]['comment_id']; ?>" class="txtLink">Edit</a>
                    </td>
				<?php
				}else{
				echo '<td align="center" width="10%" class="tdlisting">
					Nope!
					</td>';}?>
                   </tr> 
                   <?php 
			   } // end loop ?>
                  </table>

Link to comment
Share on other sites

OK, here it is.

 

They are logged in through the sessions page. There are 2 includes on this page that let the page know that they are logged in.

 

include_once("../includes/sessionStart.inc.php");

include_once("../includes/session.inc.php");

Now I use these database names for the comment page and the session page.

This is the comment db

  • comment_id
  • customer_id

this is the session db

  • sessid
  • customer_id

(Well, there is more than this, but I don't think those others matter.)

Link to comment
Share on other sites
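
Hiding the Delete\Edit links only changes what is displayed; the script that receives ?delete= or ?edit= has to repeat the ownership test against the logged-in customer. An added example of both checks (not code from any poster in this thread), assuming a hypothetical `comments` table with the comment_id and customer_id columns listed above, hypothetical function names, and an in-memory SQLite database holding constructed rows:

```php
<?php
// Added example, not code from the thread. Table name `comments` and both
// function names are hypothetical; the columns are the ones the thread lists.

// View-side check: strict integer comparison, and an unset session id never
// matches (a loose == would treat two missing values as equal).
function ownsComment(array $row, ?int $sessionCustomerId): bool
{
    return $sessionCustomerId !== null
        && isset($row['customer_id'])
        && (int) $row['customer_id'] === $sessionCustomerId;
}

// Handler-side check: the owner is part of the WHERE clause, so a request
// carrying someone else's comment_id deletes nothing.
function deleteOwnComment(PDO $pdo, ?int $sessionCustomerId, int $commentId): bool
{
    if ($sessionCustomerId === null) {
        return false; // not logged in
    }
    $stmt = $pdo->prepare(
        'DELETE FROM comments WHERE comment_id = :cid AND customer_id = :owner'
    );
    $stmt->execute([':cid' => $commentId, ':owner' => $sessionCustomerId]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data: in-memory SQLite, customers 31 and 33.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (comment_id INTEGER PRIMARY KEY, customer_id INTEGER, comment TEXT)');
$pdo->exec("INSERT INTO comments VALUES (1, 31, 'mine'), (2, 33, 'someone else''s')");

$me = 31; // on the real page this comes from the login session, never from $_GET
foreach ($pdo->query('SELECT * FROM comments')->fetchAll(PDO::FETCH_ASSOC) as $row) {
    echo $row['comment_id'], ': ', ownsComment($row, $me) ? 'Delete\Edit' : 'Nope!', "\n";
}
var_dump(deleteOwnComment($pdo, $me, 2)); // comment 2 belongs to customer 33
var_dump(deleteOwnComment($pdo, $me, 1)); // comment 1 belongs to customer 31
```

The same `AND customer_id = :owner` condition belongs in the UPDATE that saves an edited comment.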
