Deleting comments

Question

As you can see, on every comment there is a button but it deletes every comment when I click one button. I only want it to delete the comment it belongs to. I may get why it deletes everything since it deletes all the variables in the column comment_id from the $sql_result2 query, but I have no idea how to fix it. Should I change my $sql_result2? What am I doing wrong here?

$sql_result2 = $mysqli2->query("SELECT * FROM comments WHERE thread_id = '".$thread_id."'");
    while ($comments = mysqli_fetch_assoc($sql_result2)) {

        echo " <div id='comments' >{$comments['comment']}</br>";
        echo "<div id='name_and_date'><a href=profile.php?comment_username={$comments['username']}>{$comments['username']}</a></br>";
        echo "{$comments['date_made']}</div></div>";
        echo <<<EOT
            <table style='margin-left:42% ;'>
            <form action="?" method="post">
            <td><input name="delete_comment" type="submit" value="delete"></td>
            <table> 
EOT;
    if ( isset( $_POST['delete_comment'] ) ) { 
        $sqldeletecomment=$mysqli2->query("delete from comments WHERE comment_id = '".$comments['comment_id']."'");
        header("Location: thread.php");
    }


    }

Answer 1

You have it within the while loop, so the following code is getting executed for each comment:

if ( isset( $_POST['delete_comment'] ) ) { 
    $sqldeletecomment=$mysqli2->query("delete from comments WHERE comment_id = '".$comments['comment_id']."'");
    header("Location: thread.php");
}

You should remove that from the while loop, and replace $comments['comment_id'] with a valid get/post variable.

For example:

if ( isset( $_POST['delete_comment'] ) ) { 
        $sqldeletecomment=$mysqli2->query("delete from comments WHERE comment_id = '".$_POST['comment_id']."'");
        header("Location: thread.php");
        exit();
    }

$sql_result2 = $mysqli2->query("SELECT * FROM comments WHERE thread_id = '".$thread_id."'");
    while ($comments = mysqli_fetch_assoc($sql_result2)) {

        echo " <div id='comments' >{$comments['comment']}</br>";
        echo "<div id='name_and_date'><a href=profile.php?comment_username={$comments['username']}>{$comments['username']}</a></br>";
        echo "{$comments['date_made']}</div></div>";
        echo <<<EOT
            <table style='margin-left:42% ;'>
            <td><form action="?" method="post">
<input name="delete_comment" type="submit" value="delete">
<input name="comment_id" type="hidden" value="{$comments['comment_id']}">
</form></td>
            <table> 
EOT;
    }

but you should really look at tidying up the rest of the code. There are tags that aren't ending in the HTML, and its vulnerable to SQL injection.

Answer 2

this is happening because header function does not works if any thing is echoed before this and you put it in a while loop so once the condition isset( $_POST['delete_comment'] ) is true it will be true for all records in the loop hence deleting all records.

if ( isset( $_POST['delete_comment'] ) ) { 
        $sqldeletecomment=$mysqli2->query("delete from comments WHERE comment_id = '".$comments['comment_id']."'");
        header("Location: thread.php");
    }

there seems to be a problem in your logic as well to delete only once record. you are just setting a general flag not a particular comment_id to be deleted

Answer 3

i dont actually get what you're trying to do here, but it seems like you're to pass variable using a post method.. and delete a data using the variable as a filter...

you need to create an input element or any element which will allow you to pass your variable in a post method..

 <table style='margin-left:42% ;'>
            <form action="?" method="post">
            <td><input name="delete_comment" type="submit" value="<?php echo $comments['comment_id']; ?>"></td>
            <table> 

just like this... i used your submit button since it has no other use than to check if its already clicked..