0

I have created a comment-reply system in PHP. It is similar to the wall on Facebook. A user writes a comment and then posts it on the "wall". I use the following tables in my database to hold comments: comments(comments_id, comment, comment_date, user, comment_hash, flag), and a table users that holds the user's details: users(user_id, name, surname). Everything works perfectly; the only problem is that I cannot delete a certain comment. Deleting a comment means setting flag=1 for this comment in my database.

On each comment there is a link named "delete". When the user presses delete, a light box opens in JavaScript, and when the user presses delete there, the function "deletepost" is executed. My only problem is that this function sets flag=1 for all comments in my database and not for the specific comment on which I pressed delete. Any idea how to improve my code?

I use the following function in order to display comments:

<?php
function getComments(){    
  $session_user_id = $_SESSION['user_id'];
  $comments = "";
  $sql = mysql_query("SELECT * FROM comments WHERE (`flag`=0) ORDER BY comment_date DESC LIMIT 40") or die (mysql_error());

  if(mysql_num_rows($sql) == 0){
    $comments = "<div class='each_comment'>  Write your first posts ...</div> ";
  }
  else{

    while ($row= mysql_fetch_assoc($sql)) {
      $comment_id = $row['comments_id'];
      $hash = $row['comment_hash'];

      $personal_1 = mysql_query("SELECT `user_id`, `name`, `surname`, `email`, `profile` FROM `users` WHERE `user_id`='{$row['user']}' ");

        while ($run_personal_1= mysql_fetch_assoc($personal_1)) {
          $comment_user_id = $run_personal_1['user_id'];
          $comment_user_name = $run_personal_1['name'];
          $comment_user_surname = $run_personal_1['surname'];
        }

    // displays the comment, including the user's name, surname and hash
    $comments .= " $comment_user_surname   $comment_user_name   $hash";
    $comments .= $row['comment'];


//---- At this point I insert a delete link; when the user presses it, a JavaScript light box asks whether the user wants to delete the comment. If the user presses the delete button, the function named "deletepost" is called.

//---- First check whether the comment is from the user that is logged in ($session_user_id), who then has the right to delete the post

  if($comment_user_id == $session_user_id){
      if(isset($_POST['submit_2'])) {
        deletepost($session_user_id, $comment_id);
        header('Location: wall.php');
      } 

  $comments .= <<<EOD
  <a href="javascript:void(0)" onclick="document.getElementById('light').style.display='block';document.getElementById('fade').style.display='block'"> <font color='grey' >Delete</font> </a>
<div id="light" class="white_content">
    <form action="$_SERVER[PHP_SELF]" method="post">
    <input type="submit" name="submit_2" value="Delete Post ">
    </form>
    <a href="javascript:void(0)" onclick="document.getElementById('light').style.display='none';document.getElementById('fade').style.display='none'"><button>Cancel</button></a>
</div>
<div id="fade" class="black_overlay"></div>             
EOD;
  }

    } // end while
  } // end else
  return $comments;
}
?>

I use the following function in order to post comments:

<?php
function postComments($comment){
    $comment = mysql_real_escape_string(strip_tags($comment));
        $session_user_id = $_SESSION['user_id'];
        $random_num = rand(0, 99999999999);
        $sql = mysql_query(" INSERT INTO `comments` (comment, comment_date, user, comment_hash) VALUES ('".$comment."', now(), '$session_user_id', '$random_num') ");
    return getComments();
}
?>

I use the following function in order to delete comments. Deleting comments means that I set flag=1, and in my function that displays the comments (function getComments), if flag is equal to 1 I do not display this comment:

<?php
function deletepost($comment_user_id, $comment_id){
    $get_hash = mysql_query("SELECT `comment_hash` from `comments` WHERE (`user`='$comment_user_id' AND `comments_id` = '$comment_id')  ");
    while ($run_hash= mysql_fetch_assoc($get_hash)) {
        $hash = $run_hash['comment_hash'];
    }
    $sql="UPDATE `comments` SET `flag`=1 WHERE (`user`='$comment_user_id' AND `comment_hash`='$hash')";
    $result=mysql_query($sql) or die("Error when trying to delete...");
}
?>
user2491321
  • 2
    [Please, don't use `mysql_*` functions in new code](http://stackoverflow.com/q/12859942). They are no longer maintained [and are officially deprecated](http://php.net/mysql_connect). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which. [Here is a good PDO tutorial](http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers). – vascowhite Dec 18 '13 at 19:03
  • What does your database schema look like? – user1618143 Dec 18 '13 at 19:17
  • If you mean the tables, I have written them at the top – user2491321 Dec 18 '13 at 19:19
  • But what are the data types, what are the indexes, are you sure you set the primary key properly, etc.? Can you post the sql command you used to create the tables? – user1618143 Dec 18 '13 at 19:20
  • comments_id is the P.K and user is the user_id – user2491321 Dec 18 '13 at 19:25

2 Answers

0

My first instinct is to guess that comment_hash isn't working quite right, for whatever reason. Try simplifying your delete function:

function deletepost($comment_user_id, $comment_id){
    $sql="UPDATE `comments` SET `flag`=1 WHERE (`user`='$comment_user_id' AND `comments_id`='$comment_id')";
    $result=mysql_query($sql) or die("Error when trying to delete...");
}

I'm not sure why your current delete function is querying your database to grab a hash from a table and then using the hash to find the same row from the same table. It seems pointless and inefficient, and introduces more things that can break.

Incidentally, Vascowhite is correct that you shouldn't be using the old mysql library, but I don't think changing that would fix your problem here.

user1618143
  • I have tried it, but it still sets flag=1 for all comments in my table. I cannot see where the mistake is that makes it apply to all and not to the specific comment – user2491321 Dec 18 '13 at 19:14
  • Hmm... Are you sure `comment_id` is being initialized properly? Something like this could happen if you forgot to set it to `AUTO_INCREMENT`. – user1618143 Dec 18 '13 at 19:19
  • Yes I have it AUTO_INCREMENT. I see my table in my database, and I see comments_id getting different values for each post. – user2491321 Dec 18 '13 at 19:22
  • Is there any possibility the problem comes from within JavaScript? – user2491321 Dec 18 '13 at 19:25
  • Javascript? Only if it's somehow sending a separate delete request for each comment, which I suppose is not inconceivable. Take a look at the network requests your page is sending. – user1618143 Dec 18 '13 at 19:27
  • I think that the main problem comes from the while statement inside which deletepost is called. – user2491321 Dec 18 '13 at 19:45
  • It's being called inside a `while` loop? Why? That's definitely something to check out. – user1618143 Dec 18 '13 at 20:04
  • When I call deletepost at the end of function getComments(), before return $comments;, it deletes only the last comment each time I press delete. But still not the selected comment – user2491321 Dec 18 '13 at 20:08
  • Okay, it seems like `deletepost()` is fine, and the problem is elsewhere. Since the problematic code is not in the question, there's not much I can do. – user1618143 Dec 18 '13 at 20:14
  • Finally, the problem was in the EOD I used. For some reason it does not allow me to pass all comments_id and passes only the 1st – user2491321 Dec 19 '13 at 15:54
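
As an added example (not code from the question or either answer), one way to flag only the selected comment: each form posts its own comments_id, the request is handled once outside the rendering loop, and the update uses a PDO prepared statement as the first comment on the question recommends. The names `$pdo`, `handle_delete()` and `render_delete_form()` are assumptions, and the CSRF token is an addition the thread does not discuss.

```php
<?php
// Added example. $pdo, handle_delete() and render_delete_form() are
// illustrative names; table and column names follow the question.
session_start();
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32)); // per-session CSRF token
}

// Call once at the top of wall.php, before any comment is rendered.
function handle_delete(PDO $pdo): void {
    $id = filter_input(INPUT_POST, 'comment_id', FILTER_VALIDATE_INT);
    if ($id === null || $id === false) {
        return; // not a delete request, or the id is not an integer
    }
    $sent = $_POST['csrf'] ?? '';
    if (!is_string($sent) || !hash_equals($_SESSION['csrf'], $sent)) {
        http_response_code(403); // token missing or wrong: refuse
        exit;
    }
    // Ownership is enforced in the WHERE clause, so posting another
    // user's comments_id matches no row and changes nothing.
    $stmt = $pdo->prepare(
        'UPDATE `comments` SET `flag` = 1 WHERE `comments_id` = :id AND `user` = :uid'
    );
    $stmt->execute([':id' => $id, ':uid' => (int) $_SESSION['user_id']]);
    header('Location: wall.php');
    exit; // stop so the redirect is the whole response
}

// One form per comment; the hidden field says which row to flag.
function render_delete_form(int $comment_id): string {
    $token = htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8');
    return <<<EOD
<form action="wall.php" method="post">
  <input type="hidden" name="comment_id" value="$comment_id">
  <input type="hidden" name="csrf" value="$token">
  <input type="submit" name="submit_2" value="Delete Post">
</form>
EOD;
}
```

If the light box markup is kept, give each comment's `light` and `fade` elements a unique id (for example by appending the comment id), because `document.getElementById('light')` only ever returns the first element with that id.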
0

In deletepost, why did you run a while loop to get the hash if you are deleting one comment at a time? Another thing is that flag=1 happens in all your comments because the hash may be common to all of that user's comments. You need to make the hash unique for every comment of a particular user.

Ron
  • 1
    Any idea what to write to improve this? – user2491321 Dec 18 '13 at 19:15
  • Whenever you insert a comment for a particular user, insert the comment into the database with a unique hash code (for example, make the hash code a random number), and when deleting a comment for a particular user, pass that user's id and the random number as function parameters and update the flag based on the user id and number. – Ron Dec 18 '13 at 19:21