Deleting Images

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
MiniMonty
Forum Contributor
Posts: 196
Joined: Thu Sep 03, 2009 9:09 am
Location: UK

Deleting Images

Post by MiniMonty »

Hi all,

I've got a db with a table "pictures" which stores file paths to images that users have uploaded.
I'm trying to allow users to delete chosen images.
From a Flash front end (don't be put off it's the php I'm struggling with ! ) I give a variable of "toPHP"
which contains the complete file path i.e. /members/1/images/6.jpg my php script converts this to
it's own local variable of "$fromFlash" and I'm wondering what I've got wrong in the following code...

Code: Select all

 
<?php
session_start(); 
     if(isset($_GET['id']) || isset($_POST['id']));
 
 else if (isset($_SESSION['id'])) {
 
    
     $id = $_SESSION['id'];
 
} else {
    
   include_once "register.php";
   exit();
}
include_once "scripts/connect_to_mysql.php";
$fromFlash = $_POST['toPHP'];
$delete_file = ($fromFlash);
$sql = mysql_query("DELETE FROM pictures WHERE dirpath = "$fromFlash";")
or die (mysql_error());
 
if(!unlink($fromFlash)) die("Failed to delete file");
    else{
    $toFlash = "&toFlash=";
    $toFlash .= "Image has been deleted";
    echo $toFlash;
}
?>
 
Best wishes
Monty
User avatar
sergio-pro
Forum Commoner
Posts: 88
Joined: Sat Dec 27, 2008 12:26 pm

Re: Deleting Images

Post by sergio-pro »

Hi

Try using single quotes in query: "DELETE FROM pictures WHERE dirpath = '$fromFlash';"

I'd also suggest adding some checks for content of $fromFlash to prevent Sql injection.
Also check path in $fromFlash - or some user can delete something you don't want to.
Post Reply