PHP Code for Delete Forum Topic in Database
Forums are great communication tools for the exchange of ideas, for people teaching others about a specific area of interest, or even for just general social communication. The fact that they are usually so specialized helps get them high up in search results as well as contributing considerably to bodies of knowledge. True, there's a lot of misinformation and putdowns, but this invariably occurs when people communicate. One must learn to take what one learns with a grain of salt.
On to the PHP code. As usual, we start with config.php, since without it, the MySQL-based forum would not be viable. You cannot relate to a db without knowing the magic words. Next, the security of the page is dealt with by ensuring the page visitor has a username that's in the database. Note that the various pages on our forum app use both forms and URL query strings to transfer data between pages, so both POST and GET are checked for username, and if neither works, the visitor is sent to the login script. Not only is the db checked for a valid username, the username is also checked to make sure it has only 6 to 20 letters, numbers or underscores in it and no other characters; otherwise, it's off to the login script. For that to hold, the pattern must be anchored at both the start and the end, because a pattern anchored only at the end accepts any string that merely ends in 6 to 20 valid characters. If a hacker has put something nasty in the query string, he'll end up at the login script. Keep in mind that this check only shows the name exists in the members table; since the username arrives in the request itself, it does not prove the visitor logged in as that user. All our forum app scripts have this same username checker at the top of the PHP section, except for the login script.
First we GET the id of the topic the user desires to delete, which gets sent to this web page from the topic viewing script, where there's a link that says Delete Topic. Then the script looks in the topic table (forum_question) for the topic that has the id of the selected topic and the topics_username of the user now using this deletion script. If this user is not topics_username, s/he gets a message: "You must be the topic author to delete this topic." If this is the appropriate user for the delete privilege, any records in the forum_answer table with the selected topic id are deleted; this id is in a field called question_id in the forum_answer table. Then forum_question is searched for the selected topic id and that record, when found, is deleted. The mysql_affected_rows() function is used to determine success, and if it's nonzero the deletion worked and the user gets a success message, otherwise s/he gets a "Deleting failed." message.
SAVE THIS PAGE AS: cms-delete-topic.php
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Delete Forum Topic—Content Management System (CMS)</TITLE>
<meta name="description" content="Delete Forum Topic—Content Management System (CMS)">
<meta name="keywords" content="forums,forum,Content Management System,Content Management System Articles,php,CMS,javascript, dhtml, DHTML">
</head>
<body>
<?php
include_once "config.php";

// The username arrives by POST (forms) or GET (URL query strings).
$U = isset($_POST['username']) ? $_POST['username'] : (isset($_GET['username']) ? $_GET['username'] : null);

// Accept only 6 to 20 letters, digits or underscores. The pattern is anchored at
// both ends so that nothing else can precede or follow the valid characters.
if (is_string($U) && preg_match('/^[A-Za-z0-9_]{6,20}\z/', $U)) {
    $check_user_data = mysql_query("SELECT * FROM members WHERE username='$U'") or die(mysql_error());
    if (mysql_num_rows($check_user_data) == 0) { unset($U); }
} else {
    unset($U);
}
if (!isset($U)) {
    echo '<script language="javascript">alert("Please login.");window.location="login.php"; </script>';
    exit; // stop here so nothing below runs for an unknown visitor
}

$tbl_name = "forum_answer";
$raw_id = isset($_GET['id']) ? (string)$_GET['id'] : '';
$id = mysql_real_escape_string($raw_id); // escaped for use inside the SQL strings
$url_id = rawurlencode($raw_id);         // encoded for use inside the redirect URLs

// Only the topic author may delete the topic.
$check_user_data = mysql_query("SELECT * FROM forum_question WHERE id = '$id' AND topics_username = '$U'") or die(mysql_error());
if (mysql_num_rows($check_user_data) == 0) {
    echo '<script language="javascript">alert("You must be the topic author to delete this topic.");window.location = "cms-view-topic.php?id='.$url_id.'&username='.$U.'"; </script>';
} else {
    // Delete the replies first, then the topic itself.
    $sql = "DELETE FROM $tbl_name WHERE question_id='$id'";
    $result = mysql_query($sql) or die('Error, deleting failed');
    $sql = "DELETE FROM forum_question WHERE id='$id'";
    $result = mysql_query($sql) or die('Error, deleting failed');
    $rc = mysql_affected_rows(); // rows removed by the last DELETE (the topic)
    if ($rc > 0) {
        echo '<script language="javascript">alert("The deleting was successfully accomplished.");window.location = "cms-forum.php?username='.$U.'"; </script>';
    } else {
        echo '<script language="javascript">alert("Deleting failed.");window.location = "cms-view-topic.php?id='.$url_id.'&username='.$U.'"; </script>';
    }
}
mysql_close();
?>
</body>
</html>
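
An added example, not part of the original tutorial: the same delete flow written with PDO prepared statements (the mysql_* functions used above were removed in PHP 7), with the ownership test folded into the DELETE and both deletes wrapped in one transaction. The table and column names forum_question, forum_answer, topics_username and question_id come from the page; the function names, status strings, numeric-id assumption, a_id column and in-memory SQLite sample data are constructed for illustration, and in a real page the username passed in would come from the logged-in session.

```php
<?php
// Added example, not the tutorial's own code. Function names, status strings
// and the sample rows are constructed; pdo_sqlite is assumed to be available.

function validUsername($u): bool
{
    // ^ and \z anchor both ends, so nothing may precede or follow the 6-20 chars.
    return is_string($u) && preg_match('/^[A-Za-z0-9_]{6,20}\z/', $u) === 1;
}

function deleteTopic(PDO $db, $user, $id): string
{
    if (!validUsername($user)) { return 'login'; }
    if (!is_string($id) || !ctype_digit($id)) { return 'bad-id'; } // assumes numeric ids
    $db->beginTransaction();
    // The ownership test is part of the DELETE, so check and delete cannot diverge.
    $q = $db->prepare('DELETE FROM forum_question WHERE id = ? AND topics_username = ?');
    $q->execute([$id, $user]);
    if ($q->rowCount() === 0) {
        $db->rollBack();
        return 'not-author';
    }
    $a = $db->prepare('DELETE FROM forum_answer WHERE question_id = ?');
    $a->execute([$id]);
    $db->commit();
    return 'deleted';
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forum_question (id INTEGER PRIMARY KEY, topics_username TEXT)');
$db->exec('CREATE TABLE forum_answer (a_id INTEGER PRIMARY KEY, question_id INTEGER)');
$db->exec("INSERT INTO forum_question VALUES (1, 'alice_01'), (2, 'bob_2024')");
$db->exec('INSERT INTO forum_answer (question_id) VALUES (1), (1), (2)');

$cases = [
    ['alice_01', '2'],           // valid user, someone else's topic
    ["no'good abcdef", '1'],     // ends in six valid characters, still rejected
    ['alice_01', '1 OR 1=1'],    // non-numeric id never reaches the database
    ['alice_01', '1'],           // the author deleting her own topic
];
foreach ($cases as [$user, $id]) {
    printf("%-16s id=%-9s => %s\n", $user, $id, deleteTopic($db, $user, $id));
}
echo 'answers left: ', $db->query('SELECT COUNT(*) FROM forum_answer')->fetchColumn(), "\n";
```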