2

如何向发布评论的用户显示删除和编辑链接?就像在 Facebook 中一样,只有发表评论的人才能编辑或删除评论。下面是我的“显示评论”、“显示删除”和“编辑评论”PHP 文件:

<?php
    include_once("includes/settings.php");
    connect();
    $result=mysql_query("SELECT * FROM comments ORDER BY id DESC");
    echo "<table width='80%' border=0>";
    echo "<tr bgcolor='#CCCCCC'>";
    echo "<td>Name</td>";
    echo "<td>Comments</td>";;
    echo "</tr>";

    while($res=mysql_fetch_array($result)){
        echo "<tr>";
        echo "<td>".$res['Name']."</td>";
        echo "<td>".$res['Comments']."</td>"; 
        echo "<td><a href=\"edit_comment.php?id=$res[id]\">Edit</a> | <a href=\"includes/delete.php?id=$res[id]\">Delete</a></td>";
    }
    echo "</table>";
?>

下面是edit.php

<?php
    error_reporting(0);
    include_once("settings.php");
    connect();
    if(isset($_POST['submit'])) {
        $id = $_POST['id'];
        $Comments=$_POST['Comments'];
        if(empty($Comments)) {
            echo "<font color='red'>Comments field is empty.</font><br/>";
        }
        else {  
            $result=mysql_query("UPDATE comments SET Comments='$Comments' WHERE id=$id");
            echo "Your comments has been edited you will be redirected to the members area page automatically or <a href='../index_ma.php'>click here to go back</a>";
            header('refresh: 3; url=../index_ma.php');
        }
    }
?>
<?php
    $id = $_GET['id'];
    $result=mysql_query("select * from comments where id='$id'");
    while($res=mysql_fetch_array($result))
    {
        $Comments = $res['Comments'];
    }
?>

下面是delete.php

<?php
    include_once("settings.php");
    connect();
    $id = $_GET['id'];
    $result=mysql_query("DELETE FROM comments where id=$id");
    echo "Your comments has been deleted you will be redirected to the members area page automatically or <a href='../index_ma.php'>click here to go back</a>";
    header('refresh: 3; url=../index_ma.php');
?>
4

3 回答 3

0

This depends on your database schema. I am assuming you have a column that stores the user id. With that, you would so something like this:

if ($CurrentUserId == $res['CommentatorId']) {
  echo "<td><a href=\"edit_comment.php?id=$res[id]\">Edit</a> | <a href=\"includes/delete.php?id=$res[id]\">Delete</a></td>";
}
else {
  echo "<td></td>";
}

You would use the above block instead of your echo "<td><a href=... line in the first code block.

This is how your block would look:

<?php
    include_once("includes/settings.php");
    connect();
    $result=mysql_query("SELECT * FROM comments ORDER BY id DESC");
    echo "<table width='80%' border=0>";
    echo "<tr bgcolor='#CCCCCC'>";
    echo "<td>Name</td>";
    echo "<td>Comments</td>";;
    echo "</tr>";

    while($res=mysql_fetch_array($result)){
        echo "<tr>";
        echo "<td>".$res['Name']."</td>";
        echo "<td>".$res['Comments']."</td>"; 
        if ($CurrentUserId == $res['CommentatorId']) {
            echo "<td><a href=\"edit_comment.php?id=$res[id]\">Edit</a> | <a href=\"includes/delete.php?id=$res[id]\">Delete</a></td>";
        }
        else {
            echo "<td></td>";
        }
    }
    echo "</table>";
?>
于 2013-06-07T13:20:10.810 回答
0

仅当您的应用程序上有用户和登录系统时,此功能才适用。如果我们假设您的评论表中的字段名称是唯一的并分配写评论的用户名(当然来自用户表),那么在成功登录期间,您必须在会话变量中设置此名称值,然后在打印出评论期间,您检查此会话值和评论的名称值以打印出编辑和删除链接。

注意:这个答案是一种

于 2013-06-07T13:37:23.447 回答
0

我不确定您是否这样做,但在您的评论表中您需要保存发布评论的用户的 id,然后在 edit.php 中您需要检查登录用户的 id 是否等于 id试图编辑评论的人如果是,则编辑,如果不是,则不允许他编辑。

在下面的代码中,我假设您将评论表中的用户 id 保存为 user_id

$comment_id = intval($_GET['id']);
$result = mysql_query("SELECT user_id FROM Comments WHERE id = $comment_id");
$row = mysql_fetch_array($result);
if($row['user_id'] == $user_id) {
  // Edit the comment
} else {
  // Not permitted to edit the comment
}

我还注意到您仍在使用已弃用的 mysql,因此我建议您开始使用 mysqli,我还注意到您没有清理变量,这是非常错误的,可能会导致您的数据库被注入。此外,在 edit.php 中,您在链接中发送了 id,因此 $_GET 而不是 $_POST,因为我在代码中进行了编辑。

于 2013-06-07T13:23:38.853 回答