需要状态删除功能指导
我需要添加删除状态功能的帮助。我需要知道我的删除按钮是否位于正确的位置,以及我需要在我的delete.php 页面中添加哪些内容才能将用户评论从我的数据库和用户提要中删除。
我听说这很简单。但我就是无法理解它,这是我从未真正做过的事情。所以我只是希望用户按 X 和弹出窗口链接到 delete.php,如果用户接受删除,它会从流和显然数据库中删除该评论。
这是我的 STREAMFULL.PHP
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js"></script>
<script type="text/javascript">
function show_confirm()
{
var r=confirm("are you sure you want to delete?");
if (r==true)
{
window.location="http://www.fightstar.org/raw/sn-extend/theme/default/delete.php'";
}
else
{
alert("You pressed Cancel!");
}
}
</script>'
<style>
<?php
while($streamitem_data = mysql_fetch_array($chant)){
echo "<div class='stream_object'>";
echo "<table style='word-wrap: break-word;'><td valign='top' style='word-wrap: break-word;padding:5px;'>";
echo "<img class='stream_profileimage' style='border:none;padding:0px;' src='";sn_user_core::output_profile_image_url($streamitem_data['streamitem_creator']);echo "' onerror='this.src=\"sn-admin/css/img/no_profile_img.jpeg\";'><td valign=top>";
$poster_name = sn_user_core::getuser($streamitem_data['streamitem_creator']);
$target_name = sn_user_core::getuser($streamitem_data['streamitem_target']);
$cont = stripslashes($streamitem_data['streamitem_content']);
if(!($streamitem_data['streamitem_type_id']==2)){
$cont = htmlentities($cont);
$cont = ereg_replace("[[:alpha:]]+://[^<>[:space:]]+[[:alnum:]/]","<a class='user_link' href=\"\\0\">\\0</a>", $cont);
}
if($streamitem_data['streamitem_creator']==$streamitem_data['streamitem_target']){
echo "<a href='sn-profile.php?uid=".$poster_name['id']."'>" . $poster_name['firstname']." ".$poster_name['lastname'] ."</a>";
}else{
echo "<a href='sn-profile.php?uid=".$poster_name['id']."'>" .$poster_name['firstname']." ".$poster_name['lastname'] ." </a>
>
<a href='sn-profile.php?uid=".$target_name['id']."'>" .$target_name['firstname']." ".$target_name['lastname'] ."</a>";
}
if($streamitem_data['streamitem_type_id']==2){
$cont = nl2br($cont);
echo "<div style='display:inline;'> ".$cont." </div>";
}else{
if($streamitem_data['streamitem_creator']==$streamitem_data['streamitem_target']){
$cont = nl2br($cont);
echo "<div>".$cont."</div>";
}else{
$cont = nl2br($cont);
echo "<div>".$cont."</div>";
}
}
echo "<div class='post_contextoptions'>";
echo "<div class='stream_option'>".Agotime($streamitem_data['streamitem_timestamp']);
if(!($streamitem_data['streamitem_viaid']==0)){
//COMMENTS
echo '<a href="" onclick="show_confirm()" alt="Delete" title="Delete" class="delete">X</a> ';
}
I need help with adding a delete status function. I need to know if my delete button is in the right place and what I need to put in my delete.php page for a users comment to be deleted out of my database and from the user feed.
I've heard this is pretty simple to do. But I just can't get my head around it, its something I've never actually done. So I'd just like the user to press the X and the popup to link to the delete.php and if accepted to delete by the user it removes that comment from both the stream and obviously the database.
Here is my STREAMFULL.PHP
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js"></script>
<script type="text/javascript">
function show_confirm()
{
var r=confirm("are you sure you want to delete?");
if (r==true)
{
window.location="http://www.fightstar.org/raw/sn-extend/theme/default/delete.php'";
}
else
{
alert("You pressed Cancel!");
}
}
</script>'
<style>
<?php
while($streamitem_data = mysql_fetch_array($chant)){
echo "<div class='stream_object'>";
echo "<table style='word-wrap: break-word;'><td valign='top' style='word-wrap: break-word;padding:5px;'>";
echo "<img class='stream_profileimage' style='border:none;padding:0px;' src='";sn_user_core::output_profile_image_url($streamitem_data['streamitem_creator']);echo "' onerror='this.src=\"sn-admin/css/img/no_profile_img.jpeg\";'><td valign=top>";
$poster_name = sn_user_core::getuser($streamitem_data['streamitem_creator']);
$target_name = sn_user_core::getuser($streamitem_data['streamitem_target']);
$cont = stripslashes($streamitem_data['streamitem_content']);
if(!($streamitem_data['streamitem_type_id']==2)){
$cont = htmlentities($cont);
$cont = ereg_replace("[[:alpha:]]+://[^<>[:space:]]+[[:alnum:]/]","<a class='user_link' href=\"\\0\">\\0</a>", $cont);
}
if($streamitem_data['streamitem_creator']==$streamitem_data['streamitem_target']){
echo "<a href='sn-profile.php?uid=".$poster_name['id']."'>" . $poster_name['firstname']." ".$poster_name['lastname'] ."</a>";
}else{
echo "<a href='sn-profile.php?uid=".$poster_name['id']."'>" .$poster_name['firstname']." ".$poster_name['lastname'] ." </a>
>
<a href='sn-profile.php?uid=".$target_name['id']."'>" .$target_name['firstname']." ".$target_name['lastname'] ."</a>";
}
if($streamitem_data['streamitem_type_id']==2){
$cont = nl2br($cont);
echo "<div style='display:inline;'> ".$cont." </div>";
}else{
if($streamitem_data['streamitem_creator']==$streamitem_data['streamitem_target']){
$cont = nl2br($cont);
echo "<div>".$cont."</div>";
}else{
$cont = nl2br($cont);
echo "<div>".$cont."</div>";
}
}
echo "<div class='post_contextoptions'>";
echo "<div class='stream_option'>".Agotime($streamitem_data['streamitem_timestamp']);
if(!($streamitem_data['streamitem_viaid']==0)){
//COMMENTS
echo '<a href="" onclick="show_confirm()" alt="Delete" title="Delete" class="delete">X</a> ';
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
现在,您的脚本不执行任何操作,只是在用户点击确认时将用户重定向到“delete.php”页面。您需要嵌入某种标识符来显示他们点击删除按钮的评论。这会使网址看起来像
http://example.com/delete.php?commentID=123。删除脚本将检索评论 ID 并执行其必须执行的操作。我就讲到这里了。我不会通读你的代码墙来弄清楚你想要做什么。虽然展示代码总是受欢迎的,但这太过分了。将其提炼为您想要做的事情的代表性样本。我们想要《悬崖笔记》版本,而不是完整的《战争与战争》。和平。
Right now your script doesn't do anything but redirect the user to a 'delete.php' page if they hit confirm. You need to embed some sort of identifier to show which comment they click the delete button for. That'd make the url look like
http://example.com/delete.php?commentID=123. The delete script would retrieve the comment ID and do whatever it has to.That's about as far as I'll go. I'm not going to read through your wall of code to figure out what you're trying to do. While showing code is always welcome, that's way too much. Distill it down to a representative sample of what you're trying to do. We want the Cliff's Notes versions, not the full War & Peace.
这有什么难的呢?
开始情况:数据库中有一条评论
下一步:
显示我的评论页面,例如带有评论预览的列表,该列表可单击且已与主键绑定,像:
a href=somepage?comm_id=$res[0]>substr($res[1],0,50) /a
其中 $res 是一个包含 mysql 结果的数组$res[0] 是主键的值,$res[1] 是评论的预览。
4. 单击评论后,您仍然拥有它的 id,因此通过编辑在新页面中显示该评论,删除如下所示的任何按钮:
其中 $_GET[comm_id] 来自上一页。
此时,您可以选择采用传统方式或 http 请求来调用delete.php
一旦您拥有了delete.php,它就会像这样:
if(isset($_POST['删除']))
删除($_POST['comment_id'])
...etc
,删除功能就像这样:
成功时显示一些页面,失败时显示一些其他页面...
当然没有安全性,这里没有给出sql攻击预防,这是你的工作..这只是一个基本场景。
您总是希望使事情尽可能自动化,数据清理、sql 插入、查询等都为自动化奠定了完美的基础!
What's so difficult about it?
Start Situtation: You have a comment in the database
Next:
Show my comments page is displaye, for example a list with comment previews which are clickable and already bounded with the primary key, like:
a href=somepage?comm_id=$res[0]>substr($res[1],0,50) /a
where $res is an array with results from mysql and $res[0] is the value for primary key and $res[1] is the a preview of the comment.
4. After a comment is clicked you still have the id of it, so display this comment in a new page with edit, delete whatever buttons like this:
where $_GET[comm_id] came from the previous page.
At this point you can select to go the traditional way or http request for calling delete.php
Once you have the delete.php alive it goes like:
if(isset($_POST['delete']))
delete($_POST['comment_id'])
...etc
and the delete function just goes like:
on success show some page on failure some other...
Of course no security, sql attack prevention is not given here, this is your work.. it's just a basic scenario.
You always want to make things as musch automated as possible, data cleaning, sql insertions, queries etc all make a perfect ground for automating things!
在您的站点中执行以下操作:
在 mysql 客户端中执行以下所有操作(heidisql 是免费的)
这样您就知道应该关注哪里或问题出在哪里:
- 查询
- 身份证号码错误
等
一般来说,在开发过程中经常需要回显sql并直接从客户端运行它。成功的调试通常需要单独隔离和测试事物。在 php 中,最常见、简单的调试工具是以下组合:
注意:采取一些基本的安全措施。
1. 任何登录用户都可以在更改 url 上的 id 时删除其他人的评论,因此在删除评论之前,至少确保要删除的评论与登录用户匹配,例如伪代码:
如果行存在,其中注释 id=登录用户 ID,则返回 true,否则返回 false
如果 true 则删除 如果 false 则不删除
2.尽可能采用PDO方式,如果使用得当可以帮助应对sql注入攻击。
3.可能的话可以使用post代替get,如果你搜索php security有很多可用的。
Do in your site:
Do all the following in mysql client (heidisql is free)
This ways you know where you should focus or where the problem was:
-The query
-The wrong id
etc
In general often needed to echo sql and run it directly from client when still on developement. Successful debugging often requires for isolating and testing things individually. In php the most common-simple tools for debuggin are combinations of:
Attention: take a few basic sequrity measures.
1. Any logged in user can delete someone's else comment while changing the id on the url so before you delet a comment make sure at least that the comment to be deleted matches the logged in user, for example pseudo code:
if row exist where comment id=logged in user id return true else return false
if true delete if false do not delete
2. Whenever possible go the PDO way, if it is properly used can help in sql injection attacks.
3. can use post when possible insted of get, if you search about php security there is a lot available.