heheh124
Reputation: 29
How can I allow to delete only for logged in users
I'm trying to create a delete function that deletes a MySQL row only if that row was created by the same logged-in user. So if the row is not created by that user, it cannot delete that row.
Here's what I have so far (Javascript):
app.post('/Update_Award', function(request, response) {
var connection = request.app.get('pool');
if (request.session.loggedin) {
//delete query
connection.query('SELECT username FROM accounts', [request.session.username], function (error, results, fields) {
//if (results[0].username === request.session.username) {
connection.query('DELETE FROM award WHERE id = ?', [request.body.id], function(error, results, fields) {
//do something
} else {
console.log("No access");
}
The MySQL table for accounts has "id" column and "username" column. I want to make is so that only rows created by the same logged in user id can be deleted.
The rows created are identified by issuerID. So I am deleting the rows by the row ID and the rows created by isserID.
Upvotes: 0
Views: 219
Answers (2)
mohammad javad ahmadi
Reputation: 2081
You can change your code to
app.post('/Update_Award', function(request, response) {
var connection = request.app.get('pool');
if (request.session.loggedin) {
connection.query('DELETE FROM award WHERE id IN (SELECT id FROM accounts WHERE username = ?)', [request.session.username], function(error, results, fields) {
if (//your condition) {
//do something
} else {
console.log("No access");
}
})
}
})
Upvotes: 2
astrosixer
Reputation: 121
You can do it like below.
app.post('/Update_Award', function(request, response) {
var connection = request.app.get('pool');
if (request.session.loggedin) {
connection.query('DELETE FROM award WHERE id = ? AND issuerID IN (SELECT
id FROM accounts WHERE username = ?)', [request.body.id,
request.session.username], function(error, results, fields) {
if (//your condition) {
//do something
} else {
console.log("No access");
}
})
}
})
Upvotes: 0
Related Questions
- Why I am unable to delete a database record using a NodeJS code?
- Use JavaScript to delete records from MySQL table
- Data deletion from database dynamically using delete request in node.js
- creating DELETE request using nodejs on sql database
- deleting a row from db using node, mysql, express and pure js
- How does one ensure that a user can delete only specific records?
- Node JS mysql delete from database with multiple conditions
- Error when deleting from mySQL in node.js
- Give logged in user delete option only
- Express JS - deleting entry from mysql