How do I show the delete and edit links only to the user who has posted the comment?

How can I show the delete and edit link to the user who has posted the comment? Just like in Facebook only the person who has posted the comment is allowed to edit or delete the comment. Below are my "show comments", "show delete" and "edit comment" PHP files:

<?php
    include_once("includes/settings.php");
    connect();
    $result=mysql_query("SELECT * FROM comments ORDER BY id DESC");
    echo "<table width='80%' border=0>";
    echo "<tr bgcolor='#CCCCCC'>";
    echo "<td>Name</td>";
    echo "<td>Comments</td>";
    echo "</tr>";

    while($res=mysql_fetch_array($result)){
        echo "<tr>";
        echo "<td>".$res['Name']."</td>";
        echo "<td>".$res['Comments']."</td>"; 
        echo "<td><a href=\"edit_comment.php?id=$res[id]\">Edit</a> | <a href=\"includes/delete.php?id=$res[id]\">Delete</a></td>";
        echo "</tr>";
    }
    echo "</table>";
?>

Below is edit.php

<?php
    error_reporting(0);
    include_once("settings.php");
    connect();
    if(isset($_POST['submit'])) {
        $id = $_POST['id'];
        $Comments=$_POST['Comments'];
        if(empty($Comments)) {
            echo "<font color='red'>Comments field is empty.</font><br/>";
        }
        else {  
            $result=mysql_query("UPDATE comments SET Comments='$Comments' WHERE id=$id");
            echo "Your comments has been edited you will be redirected to the members area page automatically or <a href='../index_ma.php'>click here to go back</a>";
            header('refresh: 3; url=../index_ma.php');
        }
    }
?>
<?php
    $id = $_GET['id'];
    $result=mysql_query("select * from comments where id='$id'");
    while($res=mysql_fetch_array($result))
    {
        $Comments = $res['Comments'];
    }
?>

Below is delete.php

<?php
    include_once("settings.php");
    connect();
    $id = $_GET['id'];
    $result=mysql_query("DELETE FROM comments where id=$id");
    echo "Your comments has been deleted you will be redirected to the members area page automatically or <a href='../index_ma.php'>click here to go back</a>";
    header('refresh: 3; url=../index_ma.php');
?>

This depends on your database schema. I am assuming you have a column that stores the user id. With that, you would do something like this:

if ($CurrentUserId == $res['CommentatorId']) {
  echo "<td><a href=\"edit_comment.php?id=$res[id]\">Edit</a> | <a href=\"includes/delete.php?id=$res[id]\">Delete</a></td>";
}
else {
  echo "<td></td>";
}

You would use the above block instead of your echo "<td><a href=... line in the first code block.

This is how your block would look:

<?php
    include_once("includes/settings.php");
    connect();
    $result=mysql_query("SELECT * FROM comments ORDER BY id DESC");
    echo "<table width='80%' border=0>";
    echo "<tr bgcolor='#CCCCCC'>";
    echo "<td>Name</td>";
    echo "<td>Comments</td>";
    echo "</tr>";

    while($res=mysql_fetch_array($result)){
        echo "<tr>";
        echo "<td>".$res['Name']."</td>";
        echo "<td>".$res['Comments']."</td>"; 
        if ($CurrentUserId == $res['CommentatorId']) {
            echo "<td><a href=\"edit_comment.php?id=$res[id]\">Edit</a> | <a href=\"includes/delete.php?id=$res[id]\">Delete</a></td>";
        }
        else {
            echo "<td></td>";
        }
        echo "</tr>";
    }
    echo "</table>";
?>

I'm not sure if you do so, but in your comments table you need to save the id of the user who posted the comment. Then in edit.php you need to check if the id of the user logged in is equal to the id of the person trying to edit the comment. If yes, then edit; if not, then don't allow him to edit it.

In the following code I will suppose that you save the id of the user in the comments table as user_id.

// $user_id is the id of the logged-in user
$comment_id = intval($_GET['id']);
// Table name in lower case, as in the question's queries
$result = mysql_query("SELECT user_id FROM comments WHERE id = $comment_id");
$row = mysql_fetch_array($result);
if($row['user_id'] == $user_id) {
  // Edit the comment
} else {
  // Not permitted to edit the comment
}

I also noticed that you are still using mysql, which got deprecated, so I suggest you start using mysqli. I also noticed that you are not sanitizing your variables, which is very wrong and could cause your database to be injected. Also, in edit.php you sent the id in a link, so that is $_GET, not $_POST, as I edited in my code.
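The ownership check described in this answer, enforced inside the query itself with prepared statements. This is an added example, not code from the thread. It uses PDO against an in-memory SQLite table (instead of the mysqli the answer suggests) so that it runs without a database server, and it assumes a user_id column on comments and a login step that stores the user's id in $_SESSION['user_id']; the function names and sample rows are constructed.

```php
<?php
// Added example. Hiding the Edit/Delete links only changes what is displayed:
// edit.php and delete.php must repeat the ownership check on every request,
// because anyone can request delete.php?id=N directly.

// Update the comment only if it belongs to $userId.
// Returns true when exactly one row was changed.
// Note: MySQL reports 0 changed rows when the new text equals the old text.
function edit_comment(PDO $db, int $commentId, int $userId, string $text): bool
{
    $stmt = $db->prepare(
        'UPDATE comments SET Comments = ? WHERE id = ? AND user_id = ?'
    );
    $stmt->execute([$text, $commentId, $userId]);
    return $stmt->rowCount() === 1;
}

// Delete the comment only if it belongs to $userId.
function delete_comment(PDO $db, int $commentId, int $userId): bool
{
    $stmt = $db->prepare('DELETE FROM comments WHERE id = ? AND user_id = ?');
    $stmt->execute([$commentId, $userId]);
    return $stmt->rowCount() === 1;
}

// --- Constructed demo data (for MySQL, only the DSN below changes) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (
    id INTEGER PRIMARY KEY, user_id INTEGER, Name TEXT, Comments TEXT)');
$db->exec("INSERT INTO comments VALUES
    (1, 10, 'alice', 'first'), (2, 20, 'bob', 'second')");

// In the real pages this comes from the session, never from the request:
// $currentUser = (int) $_SESSION['user_id'];
$currentUser = 10;

// User 10 targets comment 2, which belongs to user 20.
var_dump(delete_comment($db, 2, $currentUser));

// User 10 edits their own comment; the quote in the text is bound as a
// parameter, so it cannot alter the SQL.
var_dump(edit_comment($db, 1, $currentUser, "it's mine"));

// User 10 deletes their own comment.
var_dump(delete_comment($db, 1, $currentUser));
```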

This functionality is applicable only if there are users and a login system in your application. If we suppose that the field Name in your comments table is unique and holds the user name (from the users table, of course) of the person who wrote the comment, then during a successful login you have to set this Name value in a session variable. Then, while printing out the comments, you compare this session value with the Name value of the comment to decide whether to print out the edit and delete links.

Notice: This answer is an of implementation.
