<?php
// Delete a post from the database
require_once( "database.php" );
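// Get post ID. If obviously invalid, kick back to main page.
// $_GET["i"] is untrusted: it may be absent, or an array (?i[]=...), and an
// array would make strlen() throw a TypeError on PHP 8 — so require a string
// before looking at it. Only the length is checked (36, what the lookups below
// expect); the exact id format is not visible in this file, so no stricter
// pattern is applied here.
if( ! isset( $_GET["i"] ) || ! is_string( $_GET["i"] ) )
{ header( "Location: index.php?error=201\n\n" ); exit( 0 ); }
$post_id = $_GET["i"];
// Strict comparisons: the loose == "" test would also accept "0"-like values.
if( $post_id === "" || strlen( $post_id ) !== 36 )
{ header( "Location: index.php?error=201\n\n" ); exit( 0 ); }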
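/**
 * Delete every row of $table whose $column equals $post_id.
 *
 * Table and column names cannot be bound as statement parameters, so they are
 * interpolated into the SQL text. To keep that interpolation safe they are
 * restricted to plain identifiers (letters, digits, underscore); the matched
 * value itself is always bound as a string parameter, never interpolated.
 *
 * @param mysqli $db      open connection (the stmt_init()/bind_param() API
 *                        used here is mysqli's; provided by database.php)
 * @param string $table   table name, plain identifier only
 * @param string $column  column name, plain identifier only
 * @param string $post_id value to match (a 36-character post id at the call sites)
 * @return bool true when the statement was prepared and executed, false when
 *              stmt_init(), prepare() or execute() failed
 * @throws InvalidArgumentException when $table or $column is not a plain identifier
 */
function deleteFromTable( $db, $table, $column, $post_id )
{
    foreach ( [ $table, $column ] as $identifier )
    {
        // \z (not $) so a trailing newline cannot slip past the check.
        if ( ! preg_match( '/^[A-Za-z_][A-Za-z0-9_]*\z/', (string) $identifier ) )
        {
            throw new InvalidArgumentException( "Invalid SQL identifier: $identifier" );
        }
    }
    $sql = "DELETE FROM $table WHERE $column = ?";
    $stmt = $db->stmt_init();
    // stmt_init() returns false on failure; calling close() on false would be fatal.
    if ( $stmt === false )
    {
        return false;
    }
    $ok = false;
    if ( $stmt->prepare( $sql ) )
    {
        $stmt->bind_param( "s", $post_id );
        $ok = $stmt->execute() === true;
    }
    $stmt->close();
    return $ok;
}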
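// Find that post's author's user ID, and only let that author delete it.
// NOTE(review): $userID is not defined in this file; presumably database.php
// (the only include) sets it for the signed-in user — verify. An unset value
// must never compare equal to a real author id, so it is required up front
// and the comparison below is strict (the previous loose == let an undefined
// $userID match an author id of 0).
// NOTE(review): the deletion is triggered by a plain GET link with no CSRF
// token; whether the app has a token mechanism is not visible here — confirm,
// and prefer POST plus a token check for this action.
if( ! isset( $userID ) || $userID === "" )
{ header( "Location: index.php?error=202\n\n" ); exit( 0 ); } // not signed in: treated as "not owned by you"
$sql = "SELECT users.id FROM posts, users WHERE posts.id = ? AND posts.author = users.id";
$author_id = null;
$found = false;
$stmt = $db->stmt_init();
if( $stmt !== false && $stmt->prepare( $sql ) )
{
    $stmt->bind_param( "s", $post_id );
    $stmt->execute();
    $stmt->bind_result( $author_id );
    $found = (bool) $stmt->fetch();
    // Close on every path (the original only closed on the success path) and
    // before the DELETEs below, which need the connection free.
    $stmt->close();
}
// That ID didn't return a record (or the lookup could not be prepared — the
// original fell through to a blank page in that case).
if( ! $found )
{ header( "Location: index.php?error=201\n\n" ); exit( 0 ); }
// That post isn't owned by you. String-cast both sides so an int column value
// and a string session value still compare strictly.
if( (string) $author_id !== (string) $userID )
{ header( "Location: index.php?error=202\n\n" ); exit( 0 ); }
deleteFromTable( $db, "posts", "id", $post_id );
deleteFromTable( $db, "comments", "post", $post_id );
header( "Location: index.php\n\n" );
exit( 0 );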
?>