As you can see, on every comment there is a button but it deletes every comment when I click one button. I only want it to delete the comment it belongs to. I may get why it deletes everything since it deletes all the variables in the column comment_id from the $sql_result2 query, but I have no idea how to fix it. Should I change my $sql_result2? What am I doing wrong here?
$sql_result2 = $mysqli2->query("SELECT * FROM comments WHERE thread_id = '".$thread_id."'");
while ($comments = mysqli_fetch_assoc($sql_result2)) {
echo " <div id='comments' >{$comments['comment']}</br>";
echo "<div id='name_and_date'><a href=profile.php?comment_username={$comments['username']}>{$comments['username']}</a></br>";
echo "{$comments['date_made']}</div></div>";
echo <<<EOT
<table style='margin-left:42% ;'>
<form action="?" method="post">
<td><input name="delete_comment" type="submit" value="delete"></td>
<table>
EOT;
if ( isset( $_POST['delete_comment'] ) ) {
$sqldeletecomment=$mysqli2->query("delete from comments WHERE comment_id = '".$comments['comment_id']."'");
header("Location: thread.php");
}
}
You have it within the while loop, so the following code is getting executed for each comment:
if ( isset( $_POST['delete_comment'] ) ) {
$sqldeletecomment=$mysqli2->query("delete from comments WHERE comment_id = '".$comments['comment_id']."'");
header("Location: thread.php");
}
You should remove that from the while loop, and replace $comments['comment_id'] with a valid get/post variable.
For example:
if ( isset( $_POST['delete_comment'] ) ) {
$sqldeletecomment=$mysqli2->query("delete from comments WHERE comment_id = '".$_POST['comment_id']."'");
header("Location: thread.php");
exit();
}
$sql_result2 = $mysqli2->query("SELECT * FROM comments WHERE thread_id = '".$thread_id."'");
while ($comments = mysqli_fetch_assoc($sql_result2)) {
echo " <div id='comments' >{$comments['comment']}</br>";
echo "<div id='name_and_date'><a href=profile.php?comment_username={$comments['username']}>{$comments['username']}</a></br>";
echo "{$comments['date_made']}</div></div>";
echo <<<EOT
<table style='margin-left:42% ;'>
<td><form action="?" method="post">
<input name="delete_comment" type="submit" value="delete">
<input name="comment_id" type="hidden" value="{$comments['comment_id']}">
</form></td>
<table>
EOT;
}
but you should really look at tidying up the rest of the code. There are tags that aren't ending in the HTML, and its vulnerable to SQL injection.
i dont actually get what you're trying to do here, but it seems like you're to pass variable using a post method.. and delete a data using the variable as a filter...
you need to create an input element or any element which will allow you to pass your variable in a post method..
<table style='margin-left:42% ;'>
<form action="?" method="post">
<td><input name="delete_comment" type="submit" value="<?php echo $comments['comment_id']; ?>"></td>
<table>
just like this... i used your submit button since it has no other use than to check if its already clicked..
this is happening because header function does not works if any thing is echoed before this and you put it in a while loop so once the condition isset( $_POST['delete_comment'] ) is true it will be true for all records in the loop hence deleting all records.
if ( isset( $_POST['delete_comment'] ) ) {
$sqldeletecomment=$mysqli2->query("delete from comments WHERE comment_id = '".$comments['comment_id']."'");
header("Location: thread.php");
}
there seems to be a problem in your logic as well to delete only once record. you are just setting a general flag not a particular comment_id to be deleted