My users can create a note that they can later delete, if they wish.
I'm storing the note in the database and these are my columns in my database: id, uid, note, time.
In my model (model_entry), I have this code to delete the note from database
PHP Code:
$this->db->where('pid', $pid);
$this->db->delete('dayone_entries');
This, however, can let anyone delete any post id if they have the post id.
This is what I mean.
My view (view_all_entries):
PHP Code:
<a href="<?php echo base_url() . "profile/delete_entry/" . $data->pid; ?>">Delete</a>
As you can see, it gets the pid and puts it in the website url and then moves it on to my controller.
My controller (profile.php) :
PHP Code:
function delete_entry() {
$this->load->model('model_entry');
$pid = $this->uri->segment(3);
$this->model_entry->entry_delete($pid);
$this->entries();
}
And finally, my model which I have also written the code for above.
Model (model_entry):
PHP Code:
$this->db->where('pid', $pid);
$this->db->delete('dayone_entries');
My question: I don't want anyone going in and deleting the notes. The person can only delete the note if IT BELONGS TO THEIR UID.
So if the
pid is 3 and the
uid is 1, only the user which has the
uid 3 can delete the note (
pid 3), no one else.