-1

I'm trying to hide comments that are not related to the post above. The problem is that I have a database with all comments, and they are present in every post that I add... I'm trying to add a data-ID for every comment and trying to create a PHP "if" inside a post generator so that if it doesn't match it doesn't show, but I think that I'm going to complicate things for myself. Please help me:

This is a PHP function that creates a comment, and as you can see I added a data-POSTER that represents the ID of the post:

function createCommentRow($data,$utenteloggato) {
    global $conn;
    


    if ($utenteloggato == $data['userID']) {
    $response = '
            <div class="comment"  data-postER="'.$data['postID'].'" >
                <div class="user">'.$data['name'].' <span class="time">'.$data['createdOn'].'</span></div>
                <div class="userComment" >'.$data['comment'].'</div>
                <div class="reply"><a href="javascript:void(0)" data-commentID="'.$data['id'].'" onclick="reply(this)">REPLY</a></div>
                <div class="replies">
                <a id="option1" 
                data-id="'.$data['id'].'"
                data-option="'.$data['tipo'].'"
                href="javascript:void(0)" 
                onclick="goDoSomething(this);">
                Delete
            </a>  ' ;
    }      
    
    else
    {
        $response = '
                    <div class="comment"  data-postER="'.$data['postID'].'" >
                    <div class="user">'.$data['name'].' <span class="time">'.$data['createdOn'].'</span></div>
                    <div class="userComment" data-postID="'.$data['postID'].'">'.$data['comment'].'</div>
                    <div class="reply"><a href="javascript:void(0)" data-commentID="'.$data['id'].'" onclick="reply(this)">REPLY</a></div>
                    <div class="replies">
                    ' ;
        }      

    $sql = $conn->query("SELECT replies.id, name, comment, tipo, DATE_FORMAT(replies.createdOn,  '%e/%c/%Y %T') AS createdOn,  userID, postID FROM replies INNER JOIN users ON replies.userID = users.id WHERE replies.commentID = '".$data['id']."' ORDER BY replies.id DESC LIMIT 1");
    while($data = $sql->fetch_assoc())
        $response .= createCommentRow($data,$utenteloggato);

    $response .= '
                        </div>
            </div>
        ';

    return $response;
}     

Inside another PHP file I show all the posts from the database table "post". Everything works fine, but inside this div where the comments are displayed:

                <div class="userComments"  data-postID="'.$data['id'].'" > </div>

I want to put an IF condition so that if the value of data-postER from the comments doesn't match the data-postID from class="userComments", it doesn't show up. Thanks to everybody.

  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Aug 01 '21 at 10:48
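
The parameterized form the warning above recommends, applied to this page's replies query and filtered by post on the server so that unrelated rows never reach the HTML (an added example, not code from the thread). The helper name `fetchReplies`, the in-memory SQLite database and its rows are assumptions constructed so the script runs offline; `DATE_FORMAT` is left out because it is MySQL-specific.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database
// so the script runs offline. With MySQL only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec('CREATE TABLE replies (id INTEGER PRIMARY KEY, comment TEXT,
            userID INTEGER, postID INTEGER, commentID INTEGER)');
$pdo->exec("INSERT INTO users VALUES (1, 'anna'), (2, 'marco')");
$pdo->exec("INSERT INTO replies VALUES
            (1, 'reply on post 10', 1, 10, 5),
            (2, 'reply on post 11', 2, 11, 5),
            (3, 'another on post 10', 2, 10, 5)");

/**
 * Hypothetical helper: fetch the replies to one comment that belong to one post.
 * Both ids are bound as parameters, never concatenated into the SQL text.
 */
function fetchReplies(PDO $pdo, $postId, $commentId): array {
    $stmt = $pdo->prepare(
        'SELECT replies.id, name, comment, userID, postID
           FROM replies INNER JOIN users ON replies.userID = users.id
          WHERE replies.commentID = :commentID AND replies.postID = :postID
          ORDER BY replies.id DESC'
    );
    $stmt->execute([':commentID' => $commentId, ':postID' => $postId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Only rows for post 10 come back, so nothing has to be hidden in the HTML.
foreach (fetchReplies($pdo, 10, 5) as $row) {
    printf("post %d, reply %d by %s: %s\n",
        $row['postID'], $row['id'], $row['name'], $row['comment']);
}

// A constructed hostile value is bound as data: its quote and OR are never
// parsed as SQL, so the WHERE clause cannot be widened to other posts.
$hostile = "5' OR '1'='1";
var_dump(count(fetchReplies($pdo, 10, $hostile)));
```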

1 Answer

0

Since you are creating a big piece of HTML inside the $response...

How about adding (just for the example I will go line by line) a few lines or one line at a time, with an if when you come to the userComment line? For example:

else
{
    $response = '
                <div class="comment"  data-postER="'.$data['postID'].'" >
                <div class="user">'.$data['name'].' <span class="time">'.$data['createdOn'].'</span></div>
                <div class="userComment" data-postID="'.$data['postID'].'">'.$data['comment'].'</div>
                <div class="reply"><a href="javascript:void(0)" data-commentID="'.$data['id'].'" onclick="reply(this)">REPLY</a></div>
                <div class="replies">
                ' ;
    }      

This becomes this:

else {
    $response = '<div class="comment"  data-postER="'.$data['postID'].'" >';

    $response .= '<div class="user">'.$data['name'].' <span class="time">'.$data['createdOn'].'</span></div>';
    if($data['postID'] == $data['id']){
        $response .= '<div class="userComment" data-postID="'.$data['postID'].'">'.$data['comment'].'</div>';
    }
    $response .= '<div class="reply"><a href="javascript:void(0)" data-commentID="'.$data['id'].'" onclick="reply(this)">REPLY</a></div>';
    $response .= '<div class="replies">';
}

With this, you have now either created the userComments or didn't...

You can of course insert more than one line at a time, but I wanted to illustrate it...

Also, I would recommend not building the whole HTML inside a variable... rather building the HTML and inserting variables into it like this:

?><div class="comment" data-postER="<?php echo $data['postID'];?>" >

This way you embed PHP variables inside healthy-looking HTML... :)

Shlomtzion
  • Thanks for your availability mate, but honestly I don't know if it is not working for my case or I didn't understand what you said... because this IF "($data['postID'] == $data['id']){" doesn't make much sense in this context, because the post creator is in another section and so it doesn't compare whether it matches the POSTid... I think that I need to send back variables or take it from data-postER, but I don't know how to handle it – Lodovico Giberti Aug 01 '21 at 13:03