我对PHP很新颖(目前正在做一个大学项目)。我的网站是一个管理网站,约有3位管理员用户可以登录和更改网站等。目前,我对我的评论(用户可以发布到网站的评论)有删除功能,但任何进入网站的人都可以看到删除功能,并可以删除任何机构的评论?PHP删除评论按钮
我想让它只有我的管理员登录后才能看到删除功能,并且随后成为唯一可以删除评论的人。我有一个用户数据库,其中包含名称,密码,用户名和电子邮件列。我想知道如果有人可以请看看我的代码,并告诉我如何改变这一点,只有当管理员登录时,他们才能看到按钮并删除评论。
$str_message = "";
if (!$db_server){
die("Unable to connect to MySQL: " . mysqli_connect_error());
}else{
//if ($_SESSION['admin'] == 'yes') {
if(isset($_GET['delete'])){
$deleteq="DELETE FROM comments WHERE ID={$_GET['delete']} LIMIT 1";
$deleter=mysqli_query($db_server, $deleteq);
IF($deleter){
echo"<p>That message was deleted!</p>";}}
//}
//Test whether form has been submitted
if(trim($_POST['submit']) == "Submit"){
//Handle submission
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// What happens when the CAPTCHA was entered incorrectly
$str_message = "The reCAPTCHA wasn't entered correctly. Go back and try it
again.
(reCAPTCHA said: " . $resp->error . ")";
} else {
// Your code here to handle a successful verification
$comment = $_POST['comment'];
if($comment != ""){
$query = "INSERT INTO comments (comment) VALUES ('$comment')";
mysqli_query($db_server, $query) or die("Comment insert failed: " .
mysqli_error($db_server));
$str_message = "Thanks for your comment!";
}else{
$str_message = "Invalid form submission";
}
}
}
//Create page with or without submission
$query = "SELECT * FROM comments";
$result = mysqli_query($db_server, $query);
if (!$result) die("Database access failed: " . mysqli_error($db_server));
{
while($row = mysqli_fetch_array($result)){
$ID= $row['ID'];
$str_result .= "<p><em>Comment $j (" . $row['commDate'] .
")</em><br /> " .$row['comment'] . "</p>
<a href ='commentnow.php?delete=$ID
'>Delete</a><hr />";
}
mysqli_free_result($result);
} }
?>
无关,但我相当确定这是通常的做法,不删除数据,而只是有一个删除标志。我会建议考虑这种方法。 – 2014-01-10 21:09:14
取消注释在执行删除操作之前检查用户是否为管理员的代码。 – Barmar
^然后在底部还添加一个if语句,根据用户是否是管理员拥有两个可能的'$ str_result'分配语句(如果用户是管理员,显然没有删除按钮) – 2014-01-10 21:13:05