Delete a Received Private Message on Your Website

This page is a tutorial on deleting private messages (PM) in the inbox on your website. It uses sessions, display string security, PHP, MySQL, and a menu system. Users must have used the Private Message Login page to login prior to getting to this inbox message deleting page. With the menu in the side bar you can send a message or check out your inbox or outbox, or delete messages from your inbox or outbox or logout.

This special inbox page has a special feature: a Delete link next to each and every message. The screenshot above is the regular inbox. Picture the inbox message deleting page as the same except the buttons are replaced with Delete links. What this is is a way to trash the message. So, you can click this link to indicate you wish to dump it. After you click this link, the message will disappear like ice cream at an orphanage. Note that with our PM system, you don't need to click somewhere in the inbox just to see the message. All messages are displayed along with who they are from, their subject, and their date—right there in the inbox. Feel free to delete any or all messages if your box gets too full.

Let's check out the code. It starts with a PHP include that insists on adding the php file checkid.php to this page's content. All that's in this file is:

session_start();

if(!isset($_SESSION['sessionid'])){

session_unset();
session_destroy();

header('location: message-login.php');

}else{
// session logged
}

This just does what it ought to: start a session (it started in the login page, actually, but we can say we restarted it even though we merely continued it and restarted the session timeout clock which is set for 24 to 48 minutes, depending on the PHP installation directives). We then check the session variable "sessionid" which was saved at login. If it's not set, the user is sent to the login page after unsetting and destroying the session. If it is set, the user gets to continue the script since the else conditional leads only to a comment that does nothing, but says it all: "session logged." So the user is okay and good to go.

Next we get ready to access the MySQL database by using the include with config.php in it. Then we get the session variable "username" into the PHP variable $touser. This is an INBOX. Do the math. Then we get the POSTed value "clickedid" which relates to the Delete links. When the link is clicked, the message row/record's id number is sent to a JavaScript function that sticks this number into an HTML form which gets submitted by this same function since there is no visible form and no submit button in this form. But it can be submitted anyway using a submit() function in a dot notation statement to access the properties of the form object. JavaScript provides the form object that contains the submit() method as well as the hidden field named clickedid's actual value. We need this id POSTed to this page, and this combination of HTML, JavaScript, and PHP does the trick.

Then we check the clickedid value we just POSTed and see if it is set. If so we update our privatemessages table using SET deleted='1'. This is how you do field value updating in MySQL. Use the MySQL UPDATE statement for field value updating. If the value is 0 we change it to 1 and if it is 1, we leave it. Note that the POSTed id is used in the WHERE phrase so we change the right record/row. Next we get all the incoming messages going to $touser as long as their deleted flags are not set and we list the results with the most recent first.

We'll skip over the browser sniffing that empowers a CSS style adjustment for cosmetic purposes and a textCounter() function that really only is needed in the Private Message Sending Form page. We initialize the clicked variable, in JavaScript now, then declare the readit() function which loads the hidden field in the form with the id value, then submits the form. No sense wasting code by commenting out the JavaScript with HTML commenting syntax since our script depends on the JavaScript/PHP combination and those who won't turn on JavaScript are not going to get far with our scripts.

We'll skip over the CSS style section and menu and get to the table caption where we snuck in the user's user name via a quick PHP insert. HTML doesn't mind this type of mixture, nor does JavaScript, although the latter is a bit fussy when you try to load JavaScript variables from PHP variables. See our JSON page for more details, since JSON cures JavaScript's reluctance problems in this area.

Recall that we stuck the results of grabbing all your messages into a PHP resource result variable $sql. Now we use the mysql_fetch_array() function to get the record contents—of all records with your user name in the touser field—into arrays that we now loop through a row at a time to display on the screen. We check the readit flag and put the name of the appropriate gif image (our buttons) into $read, and if this was the inbox page and not the inbox message deletion page, we would turn this image into a linked button. But it's not the regular inbox, so we ignore $read and images and merely put the messages' dates into $sent and ids into $id. For security, we use the htmlentities() function for screen display after using the stripslashes() function because all data got stored in the db with use of the mysql_real_escape_string() function which most people use for security.

Note that in the link that has the link text Delete, we use onclick='clicked=".$id.",readit()'. This grabs the selected message's id and puts it into the JavaScript variable clicked, then runs the readit() function in which we stick the id into the form's hidden field and submit the form. JavaScript doesn't seem to mind us loading its variables in events like onclick.

Finally, we close MySQL and in HTML declare the form with the hidden field but no submit button. In running the script, you will see "(Click Delete link to indicate you want to trash the message.)" in the table caption, and users are bound to find this a very handy device to delete messages with.

Feel free to add other features to the script such as undeleting messages. The messages are not really gone when you "delete" them. They are just MARKED deleted. Go to phpMyAdmin and set any message's deleted field back to 0 whenever you want.

Name this file message-delete-received.php

<?php

include_once"checkid.php";

include('config.php');

// message-delete-received.php

$touser = $_SESSION['username'];

$clickedid = $_POST['clickedid'];
if (isset($clickedid)){$sql = mysql_query("UPDATE privatemessages SET deleted='1' WHERE id='$clickedid'");unset($clickedid);}

$sql = mysql_query("SELECT * FROM privatemessages WHERE touser = '$touser' AND deleted = '0' ORDER BY datesent DESC");

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Delete a Received Private Message</TITLE>
<meta name="description" content="Delete a Received Private Message">
<meta name="keywords" content="Delete a Received Private Message,Private Messaging,Private Message,php,javascript, dhtml, DHTML">
<script language="javascript">
mactest=(navigator.userAgent.indexOf("Mac")!=-1) //My browser sniffers
Netscape=(navigator.appName.indexOf("Netscape") != -1)
msafari=(navigator.userAgent.indexOf("Safari")!= -1)
wsafari=0; if(!mactest&&msafari){wsafari=1;msafari=0}
is_opera = 0; if(window.opera){is_opera=1}
is_ie_mac = 0; is_ie=0;if(document.all){is_ie=1}

function fixwidth(){if(Netscape||is_opera){e=document.getElementById('box');e.style.width='826px';e=document.getElementById('menu');e.style.width='116px';}}

function textCounter(field, countfield, maxlimit) {
if (field.value.length > maxlimit){field.value = field.value.substring(0, maxlimit);}
else{countfield.value = maxlimit - field.value.length;}}

var clicked=0;

function readit(){
document.MyForm.clickedid.value=clicked;
document.MyForm.submit();}
</script>
<STYLE TYPE="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left;background-color:#ccc}
p, li {font:13px Verdana; color:black;text-align:left}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
h3 {font:bold 15px Verdana;}
#box {background-color:#eee;position:absolute;top:50px;left:150px;
width:850px;padding:10px;border:2px solid blue}
#table1 {width:100%;border:1px solid blue;text-align:center}
#menu {background-color:#eee;position:absolute;top:50px;
left:0px;width:130px;padding:5px;border:2px solid blue}
</STYLE>
</head>
<body onload="fixwidth()">
<h1>Delete a Received Private Message</h1>
<div id='menu'>
<a HREF="send-message-form.php">Send Message</a><BR><BR>
<a HREF="message-inbox.php">Message Inbox</a><BR><BR>
<a HREF="message-outbox.php">Message Outbox</a><BR><BR>
<a HREF="message-delete-received.php">Delete Inbox<BR>Message</a><BR><BR>
<a HREF="message-delete-sent.php">Delete Outbox<BR>Message</a><BR><BR>
<a HREF="message-login.php">Login</a><BR><BR>
<a HREF="message-logout.php">Logout</a>
</div>
<div id='box'>
<table id='table1' border='1'>
<caption><b>Messages to: <?php echo $touser; ?></b> — (Click Delete link to indicate you want to trash the message.)</caption>

<tr><th>From</th><th>Subject</th><th>Date</th>
<th>Status</th><th>Message</th></tr>

<?php

while($rows=mysql_fetch_array($sql)){

if($rows['readit']=="0"){$read="notread.gif";}else{$read="read.gif";}

$sent=stripslashes($rows['datesent']);

$id=$rows['id'];
echo "<tr><td>".htmlentities(stripslashes($rows['fromuser']), ENT_QUOTES)."</td>";
echo "<td>".htmlentities(stripslashes($rows['subject']), ENT_QUOTES)."</td>";
echo "<td>".date('Y/m/d',$sent)."</td>";
echo "<td><a href='#' onclick='clicked=".$id.",readit()'>Delete</a></td>";
echo "<td>".htmlentities(stripslashes($rows['message']), ENT_QUOTES)."</td></tr>";
}

mysql_close();

?>

</table>

<form name="MyForm" method="POST" action="message-delete-received.php">
<input type="hidden" name="clickedid" value=" ">
</form>

</body>
</html>

Free Personal Status Boards (PSB™)

Delete a Received Private Message on Your Website