使用PHP从数据库中删除注释
我的网站是一个管理员登录网站,因此用户无法注册。但是,他们可以在网站上发表评论。我在评论上有删除按钮,但没有意识到任何人都可以删除任何人的评论。我如何才能改变这一点,使管理员登录后,他们能够删除不适当的评论(如果有的话),并摆脱删除按钮从一般公众 这是我的Comment.php代码,其中包含delete按钮函数:使用PHP从数据库中删除注释,php,mysql,sql-delete,Php,Mysql,Sql Delete,我的网站是一个管理员登录网站,因此用户无法注册。但是,他们可以在网站上发表评论。我在评论上有删除按钮,但没有意识到任何人都可以删除任何人的评论。我如何才能改变这一点,使管理员登录后,他们能够删除不适当的评论(如果有的话),并摆脱删除按钮从一般公众 这是我的Comment.php代码,其中包含delete按钮函数: <?php session_start(); require_once 'templates/open.php'; require_once 'con
<?php
session_start();
require_once 'templates/open.php';
require_once 'connect.php';
require_once 'functions/cleanstring.php';
require_once 'functions/encrypt.php';
?>
<?php
$db_hostname = 'localhost';
$db_database = 'cs12e2g_MyFirstDB'; //'Your database name'
$db_username = 'cs12e2g_DBuser'; //'your username';
$db_password = 'vtjppqs7'; //'Your password';
$db_status = 'not initialised';
$db_server = mysqli_connect($db_hostname, $db_username, $db_password);
$db_status = "connected";
if (!$db_server){
die("Unable to connect to MySQL: " . mysqli_connect_error());
$db_status = "not connected";
}
// Includes and variables always required
require_once 'recaptcha/recaptchalib.php';
require_once 'functions/cleanstring.php';
$privatekey = "6Lem4-gSAAAAADsaa9KXlzSAhLs8Ztp83Lt-x1kn";
$publickey = "6Lem4-gSAAAAAMHLAVbieIknMtUZo71ZKzzCkoFN";
mysqli_select_db($db_server, $db_database);
$str_message = "";
if (!$db_server){
die("Unable to connect to MySQL: " . mysqli_connect_error());
}else{
if(isset($_GET['delete'])){
$deleteq="DELETE FROM comments WHERE ID={$_GET['delete']} LIMIT 1";
$deleter=mysqli_query($db_server, $deleteq);
IF($deleter){
echo"<p>That message was deleted!</p>";}}
//Test whether form has been submitted
if(trim($_POST['submit']) == "Submit"){
//Handle submission
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// What happens when the CAPTCHA was entered incorrectly
$str_message = "The reCAPTCHA wasn't entered correctly. Go back and try it
again.
(reCAPTCHA said: " . $resp->error . ")";
} else {
// Your code here to handle a successful verification
$comment = $_POST['comment'];
if($comment != ""){
$query = "INSERT INTO comments (comment) VALUES ('$comment')";
mysqli_query($db_server, $query) or die("Comment insert failed: " .
mysqli_error($db_server) );
$str_message = "Thanks for your comment!";
}else{
$str_message = "Invalid form submission";
}
}
}
//Create page with or without submission
$query = "SELECT * FROM comments";
$result = mysqli_query($db_server, $query);
if (!$result) die("Database access failed: " . mysqli_error($db_server) );
while($row = mysqli_fetch_array($result)){
$ID= $row['ID'];
$str_result .= "<p><em>Comment $j (" . $row['commDate'] .
")</em><br /> " .$row['comment'] . "</p>
<a href ='commentnow.php?delete=$ID
'>Delete</a><hr />";
}
mysqli_free_result($result);
}
?>
<h1>What do you think?</h1>
<p><h5>Did you find everything you wanted? Please comment below:<h5></p>
<form action="commentnow.php" method="post">
<textarea rows="10" cols="50" name="comment"></textarea><br />
<?php echo recaptcha_get_html($publickey); ?>
<input type="submit" name="submit" value="Submit" />
</form>
<span style="color:#FF0000;">
<?php echo $str_message; ?></span>
<hr />
<h2>Comments:</h2>
<?php echo $str_result; ?>
</div>
<?php
require_once 'templates/close.php';
?>
限制删除按钮仅为管理员显示。这也意味着您可以通过某种方式确定登录用户是否是管理员
if ($is_admin) {
// Code to display button
}
另外,在后端检查登录的用户是否为admin
if ($is_admin) {
// Code to delete comment
delete_comment();
}
欢迎使用php
您具有标识在应用程序中输入的用户的属性
使用数据库、数组、文件或变量等
如果权限等于admin或editor(例如),则允许删除
比如说
if( $login == 'admin' ){
// Allow action
}
我的朋友,你明白吗
(对不起,我的英语不好)对于在后端实际执行删除的代码也要这样做。@developerwjk是对的-限制实际执行删除的代码比隐藏触发所述代码的按钮更重要。太好了,谢谢!因此,如果您说将if($is_admin){},那么$is_admin应该是$username(我数据库中的用户名)添加到数据库表中的新列is_admin
。在脚本开始时,查询数据库并返回is_admin
的值(真/假或1/0)将其分配给$is_admin
。然后,您可以实现raj的摘录来检查用户是否为管理员。尽管您使用的是mysqli,但您的代码仍会受到SQL注入的影响,因为您没有使用参数化查询。我已将此中的编辑还原为用户替换了非性别代词和有效的英语拼写无效地。