PHP Code for Delete Topic in Database
The blog's topic deleting page whose code is on this web page is very simple. If your username matches the administrator's username, the topic whose id is read from the URL query string via $_GET is removed from the topics table of the MySQL db using the SQL DELETE FROM command; the replies table's question_id field is then checked for rows matching the topic's id, and any matching replies are removed using the SQL DELETE FROM command as well.
On to the PHP code. As usual, we start with config.php, since without it, the MySQL-based blog would not be viable. You cannot relate to a db without knowing the magic words. Next, the security of the page is dealt with by ensuring the page visitor has the administrator's username. Note that the various pages on our blog app use both forms and URL query strings to transfer data between pages, so both POST and GET are checked for a username, and if neither supplies one, the visitor is sent to the login script. Not only is the username checked to ensure it is the administrator's username, it is also checked to make sure it has only 6 to 20 letters, numbers or underscores in it and no other characters; otherwise, it's off to the login script. If a hacker has put something nasty in the query string, he'll end up at the login script. All our blog app scripts have this same (almost) username checker at the top of the PHP section, except for the login script. We say "almost" because most pages (like this one) only allow the administrator access, since most pages are about adding, deleting, or editing topics, replies, or categories. So, seeing if the username is the administrator's is part of the user checker on most of these blog app pages.
The administrator's username is a bit silly, as you see. Feel free to change it (to AfDqC_1f3_DkI3j5k9N_ for example) when you register the administrator username and password, but you must use search and replace on ALL blog app pages searching for our silly name and replacing it with your not-as-silly name or you'll have more problems than a pregnant nun.
Next comes reading the topic id via $_GET from the URL query string that brought us to this topic deleting page.
Depending on which topic's Delete Topic link is clicked on the blog home page or the topic and replies viewing page, its corresponding id number will be sent via query string (along with the username) to this blog topic deleting page and only this topic will be vulnerable to deletion.
Finally, if your username matches the administrator's username, you'll be let into the script, and the topic whose id was read via $_GET is removed from the topics table (blog_question) of the MySQL db using the SQL DELETE FROM command, and the replies table, named blog_answer, has its question_id field checked for rows matching the topic's id; any matching replies are also removed using the SQL DELETE FROM command. The mysql_affected_rows() function reports whether deletions have occurred and you get a message regarding the success or failure of this operation.
SAVE THIS PAGE AS: cms-delete-blog-topic.php
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Delete Blog Topic—Content Management System (CMS)</TITLE>
<meta name="description" content="Delete Blog Topic—Content Management System (CMS)">
<meta name="keywords" content="blogs,blog,Content Management System,Content Management System Articles,php,CMS,javascript, dhtml, DHTML">
</head>
<body>
<?php
include_once "config.php";   // DB host, user, password and the mysql_connect()/mysql_select_db() calls (the mysql_* extension was removed in PHP 7)
// The username arrives either from a form (POST) or from the URL query string (GET).
$U = null;
if (isset($_POST['username'])) { $U = $_POST['username']; } elseif (isset($_GET['username'])) { $U = $_GET['username']; }
// Allow only 6 to 20 letters, digits or underscores, anchored at BOTH ends so no other characters
// can sit in front of a valid-looking tail, and require the administrator's name.
if ($U === null || !preg_match("/^[A-Za-z0-9_]{6,20}$/", $U) || $U !== "DIRTY_dog_DROPPINGS_") { unset($U); }
if (!isset($U)) {
    echo '<script language="javascript">alert("You are not the Administrator. Go login again but you can only add replies or just read topics.");window.location="blog-login.php"; </script>';
    exit;   // stop here: without exit the DELETE statements below would still run for a non-administrator
}
// Topic ids are integers; reject anything else before it reaches SQL or the redirect URL built below.
if (!isset($_GET['id']) || !ctype_digit($_GET['id'])) { die('Error, no valid topic id'); }
$id = mysql_real_escape_string($_GET['id']);
// Delete the topic's replies first, then the topic itself.
$tbl_name = "blog_answer";
$sql = "DELETE FROM $tbl_name WHERE question_id='$id'";
$result = mysql_query($sql) or die('Error, deleting failed');
$sql = "DELETE FROM blog_question WHERE id='$id'";
$result = mysql_query($sql) or die('Error, deleting failed');
$rc = mysql_affected_rows();   // rows removed by the LAST query, i.e. whether the topic row existed
if ($rc > 0) { echo '<script language="javascript">alert("The deleting was successfully accomplished.");window.location = "cms-blog.php?username=' . $U . '"; </script>'; }
else { echo '<script language="javascript">alert("Deleting failed.");window.location = "cms-view-blog-topic.php?id=' . $id . '&username=' . $U . '"; </script>'; }
mysql_close();
?>
</body>
</html>
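The username checker and the two DELETE statements described above rest on a name carried in the request itself, so anyone who learns the administrator's username can reach the delete step. The following is an added example, not the tutorial's own code, showing the same page written the way a current PHP practitioner would: the administrator check comes from the server-side session, ids are bound as integers through mysqli prepared statements, and both deletes sit in one transaction so a failure cannot leave replies without their topic. It assumes (these are assumptions, not part of the tutorial) that config.php creates a mysqli connection in `$mysqli` and that the login script stores the logged-in name in `$_SESSION['username']`; the table and column names are the tutorial's.

```php
<?php
// Added example (not the tutorial's code): delete-topic page with session-based
// authorisation, prepared statements and a transaction.
// Assumptions: config.php creates a mysqli connection in $mysqli, and the
// login script sets $_SESSION['username'] after a successful login.
session_start();
include_once "config.php";
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);   // make mysqli throw instead of returning false

const ADMIN_USERNAME = "DIRTY_dog_DROPPINGS_";   // the tutorial's administrator name

// Authorisation comes from the session the login script created, not from a
// name the visitor placed in the URL, so knowing the admin's name is not enough.
function is_admin(): bool
{
    return isset($_SESSION['username'])
        && hash_equals(ADMIN_USERNAME, (string) $_SESSION['username']);
}

// Removes a topic and its replies atomically. Returns the number of topic rows
// removed (0 when no such topic exists); database errors propagate as exceptions.
function delete_topic(mysqli $db, int $topicId): int
{
    $db->begin_transaction();
    try {
        $stmt = $db->prepare("DELETE FROM blog_answer WHERE question_id = ?");
        $stmt->bind_param("i", $topicId);   // bound as an integer, never interpolated
        $stmt->execute();
        $stmt->close();

        $stmt = $db->prepare("DELETE FROM blog_question WHERE id = ?");
        $stmt->bind_param("i", $topicId);
        $stmt->execute();
        $deleted = $stmt->affected_rows;    // rows removed by the topic delete
        $stmt->close();

        $db->commit();
        return $deleted;
    } catch (mysqli_sql_exception $e) {
        $db->rollback();   // neither table is left half-changed
        throw $e;
    }
}

// A Location header replaces the echoed JavaScript redirect, and exit stops
// the script so nothing below runs for an unauthorised visitor.
function redirect_and_exit(string $url): void
{
    header("Location: " . $url);
    exit;
}

if (!is_admin()) {
    redirect_and_exit("blog-login.php");
}

// Require POST for a destructive action: a plain GET link can be followed
// without the administrator intending it (for example by a prefetching
// browser). Validate the id as a positive integer before it reaches SQL.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || $id === false || $id === null) {
    redirect_and_exit("cms-blog.php");
}

if (delete_topic($mysqli, $id) > 0) {
    redirect_and_exit("cms-blog.php");
}
redirect_and_exit("cms-view-blog-topic.php?id=" . urlencode((string) $id));
```

The redirect URLs no longer carry the username, because the session identifies the visitor on the next page. The Delete Topic link on the home page would become a small form that POSTs the id; adding a per-session CSRF token to that form is the natural next step once the action is POST-only.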