
I'm sorry if this is a duplicate, or a low-effort question, but I do not know what the name of this is, and it will be nothing but helpful to me if I knew how to execute this correctly.

The code is:

if (isset($_POST['RemoveComment'])) {
    mysql_query("DELETE FROM `comments` WHERE `id`='".$commentid."' ");
}

The way this works prior to the feature is that it echoes out a table of comments which it selects from a direct profile name. The way I am trying to work this delete comment system is by giving the button in the same table (next to every comment) to the profile owner or an administrator. It would delete the comment with the ID the button was pressed on. However, the code above is only capable of deleting all the comments, and some even from other profiles.

I do not know the name of a function like this, but I do enjoy naming it a "Universal Function" that works on any comment. Please help me with this; I am going to be using this on MULTIPLE features of my website and I lack the knowledge and names of these functions.

Extra code: (the variables)

$poster = $get_comments['poster'];
$comment = $get_comments['message'];
$posted = $get_comments['posted'];
$commentid = $get_comments['id'];
Blender
  • You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Apr 11 '13 at 19:58

1 Answer


I think the name you're looking for is a function, which is reusable...

$link = mysqli_connect('localhost', 'my_user', 'my_password', 'world');

/* check connection */
if (!$link) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

function deleteComment( $link, $messageId ) {
    $stmt = mysqli_prepare($link, "DELETE FROM comments WHERE id = ?");
    mysqli_stmt_bind_param($stmt, 'i', $messageId);

    /* execute prepared statement */
    mysqli_stmt_execute($stmt);

    /* close statement and connection */
    mysqli_stmt_close($stmt);
}

// Call the function
deleteComment( $link, 1 );

/* close connection */
mysqli_close($link);

Be aware that mysql_ functions are deprecated. Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which.

Kermit
  • Do you think I can use a PHP $_GET form method on getting the actual domain the button was pressed on and try the delete query from there? – user2230442 Apr 11 '13 at 20:02
  • @user2230442 Remotely or locally? Like `/delete.php?messageId=5`? Technically, yes. But this is not secure. – Kermit Apr 11 '13 at 20:03
  • Thanks for the potential problem-solving answers, but the function doesn't work, it could be because I didn't know what exactly to do with the $link variable, but I've already called the connect scripts way before it. – user2230442 Apr 11 '13 at 20:14
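Putting the answer's prepared statement together with the per-comment button the question describes, here is an added example (not code from the question or the answer) of a delete handler that removes exactly one comment and only for the profile owner or an administrator. It assumes a `profile_owner` column on `comments` and `$_SESSION['username']` / `$_SESSION['is_admin']` set at login; neither appears on the page.

```php
<?php
// Added example, not the question's or answer's code.
// Assumed schema (not given on the page): comments(id, poster, message, posted, profile_owner),
// where profile_owner is the username of the profile the comment was left on.
// Assumed session layout: $_SESSION['username'] and $_SESSION['is_admin'] are set at login.

session_start();
$link = mysqli_connect('localhost', 'my_user', 'my_password', 'world');
if (!$link) {
    exit('Connect failed: ' . mysqli_connect_error());
}

/**
 * Delete one comment, but only if the caller owns the profile it was posted on
 * or is an administrator. Returns the number of rows deleted (0 or 1).
 */
function deleteOwnComment(mysqli $link, int $commentId, string $user, bool $isAdmin): int
{
    if ($isAdmin) {
        // Administrators may delete any comment; the id is still bound, never concatenated.
        $stmt = mysqli_prepare($link, "DELETE FROM comments WHERE id = ?");
        mysqli_stmt_bind_param($stmt, 'i', $commentId);
    } else {
        // The authorization check lives in the WHERE clause, so a forged id that belongs
        // to someone else's profile matches no row instead of being deleted.
        $stmt = mysqli_prepare($link, "DELETE FROM comments WHERE id = ? AND profile_owner = ?");
        mysqli_stmt_bind_param($stmt, 'is', $commentId, $user);
    }
    mysqli_stmt_execute($stmt);
    $deleted = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $deleted;
}

// Each row of the comments table gets its own small POST form carrying that row's id:
//   <form method="post">
//     <input type="hidden" name="comment_id" value="123">   (123 = this row's $commentid)
//     <button name="RemoveComment">Remove</button>
//   </form>
if (isset($_POST['RemoveComment'], $_POST['comment_id'], $_SESSION['username'])) {
    // Cast to int: a missing or non-numeric id becomes 0 and matches nothing.
    $id = (int) $_POST['comment_id'];
    $n  = deleteOwnComment($link, $id, $_SESSION['username'], !empty($_SESSION['is_admin']));
    echo $n === 1 ? 'Comment removed.' : 'Nothing removed (unknown id or not your profile).';
}
mysqli_close($link);
```

Because the id now comes from the submitted form instead of the last `$commentid` left over from the display loop, pressing a button affects that single row; a CSRF token in the same hidden form is the remaining piece before exposing this on a live site.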