
Deleting Images

Posted: Mon Nov 16, 2009 10:39 am
by MiniMonty
Hi all,

I've got a db with a table "pictures" which stores file paths to images that users have uploaded.
I'm trying to allow users to delete chosen images.
From a Flash front end (don't be put off, it's the PHP I'm struggling with!) I give a variable of "toPHP"
which contains the complete file path, i.e. /members/1/images/6.jpg. My PHP script converts this to
its own local variable of "$fromFlash" and I'm wondering what I've got wrong in the following code...

Code:

 
<?php
session_start(); 
     if(isset($_GET['id']) || isset($_POST['id']));
 
 else if (isset($_SESSION['id'])) {
 
    
     $id = $_SESSION['id'];
 
} else {
    
   include_once "register.php";
   exit();
}
include_once "scripts/connect_to_mysql.php";
$fromFlash = $_POST['toPHP'];
$delete_file = ($fromFlash);
$sql = mysql_query("DELETE FROM pictures WHERE dirpath = "$fromFlash";")
or die (mysql_error());
 
if(!unlink($fromFlash)) die("Failed to delete file");
    else{
    $toFlash = "&toFlash=";
    $toFlash .= "Image has been deleted";
    echo $toFlash;
}
?>
 
Best wishes
Monty

Re: Deleting Images

Posted: Mon Nov 16, 2009 12:44 pm
by sergio-pro
Hi

Try using single quotes in the query: "DELETE FROM pictures WHERE dirpath = '$fromFlash';"

I'd also suggest adding some checks on the content of $fromFlash to prevent SQL injection.
Also check the path in $fromFlash, or some user can delete something you don't want them to.
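
One way to apply both suggestions from this reply, as an added example that is not code from either poster: the requested path is resolved with realpath() and must fall inside the logged-in member's own images directory, and the row is deleted through a bound parameter. Assumptions: the /members/<id>/images/ layout seen in the question, POSIX paths, and PDO with an in-memory SQLite table standing in for the thread's mysql_* connection so the block runs offline; delete_user_image() and the fixture files are hypothetical.

```php
<?php
// Added example, not the poster's script. Directory layout is an assumption.
function delete_user_image(PDO $db, string $base, int $userId, string $requested): bool
{
    $root = realpath($base);
    // Only this directory may be deleted from; $userId comes from the session.
    $allowed = realpath("$root/members/$userId/images");
    // realpath() collapses ".." and symlinks, and is false for a missing file.
    $target = realpath($root . '/' . ltrim($requested, '/'));
    if ($root === false || $allowed === false || $target === false) {
        return false;
    }
    // Containment: the resolved file must sit inside the allowed directory.
    $prefix = $allowed . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0 || !is_file($target)) {
        return false;
    }
    if (!unlink($target)) {
        return false;
    }
    // Bound parameter: the path is data, so a quote in it cannot change the query.
    $stmt = $db->prepare('DELETE FROM pictures WHERE dirpath = ?');
    $stmt->execute([substr($target, strlen($root))]);
    return true;
}

// Constructed fixture: a temp directory with images for two members.
$base = sys_get_temp_dir() . '/del_demo_' . uniqid();
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE pictures (dirpath TEXT)');
$files = ['/members/1/images/6.jpg', "/members/1/images/o'neil.jpg", '/members/2/images/9.jpg'];
foreach ($files as $p) {
    is_dir(dirname($base . $p)) || mkdir(dirname($base . $p), 0700, true);
    file_put_contents($base . $p, 'x');
    $db->prepare('INSERT INTO pictures VALUES (?)')->execute([$p]);
}

// The logged-in user is member 1 in every call.
$cases = [
    '/members/1/images/6.jpg',                // own image
    "/members/1/images/o'neil.jpg",           // own image, quote in the file name
    '/members/2/images/9.jpg',                // another member's image
    '/members/1/images/../../2/images/9.jpg', // resolves outside own directory
];
foreach ($cases as $c) {
    printf("%-42s %s\n", $c, delete_user_image($db, $base, 1, $c) ? 'deleted' : 'refused');
}
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM pictures')->fetchColumn(), "\n";
```

The member id passed to the function should be the one stored in $_SESSION['id'], never a value sent by the Flash client.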