angelali

well the path is correct, I name it to 'mages' itself. For the file permission, Im on Windows XP local host, and it's read only the folder. I will not be able to assign chmod on Windows if Im not mistaken! I was trying to change the file permissions but in vain...

I read everything there, I tried almost everything, but it is not deleting the fle. For example, I even put '@' before unlink, but in vain

I want to delete a file, I'm using Windows XP, however, it gives me Permission Denied: $file =$row['img'] ; $filedel = "mages/".$file; unlink ($filedel); Is the code wrong? I tried setting permission to the folder but in vain...

I'm sorry guys for asking two times for answers... @DarkFreaks, so if nothing has happened, then I think its secure... Thank you guys...

Well, are you here? I posted the full codes

Jesirose knows this code as she was helping me yesterday.... By the way Jesirose, I successfully solved the problem yesterday.. Here are the codes what Im telling you below: The checkbox: echo '<td><input type="checkbox" name="delete[]" value="'.$row['img_ID'].'"/></td>'; A part of the codes: if (isset($_POST['delete'])) { foreach ($_POST['delete'] as $delete) { $ids[] = mysql_real_escape_string(strip_tags($delete)); } mysql_query("DELETE FROM photos WHERE images_ID IN (".implode(',',$ids).")");; echo "Record Deleted."; } Everything is ok, only want to know if this can be attacked thats all..

Oh no lol, it does hold a value, I mean the checkbox has a value, it has a value from database...

Well, to be in brief, I can leave it like this then: $checkbox = mysql_real_escape_string(strip_tags($_POST['checkbox'])); Sorry lol , I'm a bit sleepy today...

Elaborate.... I know it has no value...so does this mean even by applying these security measures, it can be attacked as it returns true?

Well, I just want to know, if I add mysql_real_escape_string and strip_tags to a checkbox, does this mean it is 100% protected from SQL injection and XSS attack? For example: <input type=checkbox' name="checkbox"/> $checkbox = mysql_real_escape_string(stip_tags($_POST['checkbox']));

What you mean by (string) in the first line of code..?

Let's forget the isset for some minutes, what's more important is to protect the checkbox from attacks, I tried the following methods to protect the checkbox from attacks: if (isset($_POST['delete'])) { $del_img = mysql_real_escape_string(strip_tags($_POST['delete'])); foreach($del_img as $id => $val) { $ids[] = $val; } mysql_query("DELETE FROM photos WHERE img_ID IN (".implode(',',$ids).")"); echo "Record Deleted."; } I got these errors: Warning: strip_tags() expects parameter 1 to be string Warning: Invalid argument supplied for foreach() Notice: Undefined variable: ids Warning: implode() [function.implode]: Invalid arguments passed

Well, I tried that before, I even tries with !isset, but it writes the message which to display to the user that a checkbox should be checked before clicking on the delete button.. If this is not a bad principle or whatever, I will forget it, however, the mysql_real_escape_string and the strip_tags are more important.... I tried, but gives me an error.... Just tell me where to implement them thats all.. For example, I tried this: if (isset($_POST['delete'])) {....... $dimg = mysql_real_escape_string(strip_tags($_POST['delete'])); But it gave me an error, which I forgot as I already removed it...

Guys, sorry, I have to go, its very late here, if possible, just help me with these two remaining issues, willl reply you in some hours.. thank you

Error reporting is always on when im on localhost.. And yes, Pikachu2000 is right, when I put it after <?php, it gives me Array ()

No, nothing appears

I did print_r($_POST); just after the code of echo "Records deleted"; when I click the button Delete without checking a checkbox, nothing appears..

Well, I successfully did it well...thank you guys.. however to problems remain: 1/ How can I tell the user that the checkbox must be checked if he clicked on the delete button without checking? Because, i used POST here, and I think 'empty()' or ' !="" ' will not work! I tried '!isset' also. 2/ I tried implementing mysql_real_escape_string and strip_tags to the checkbox, but gives me an error as it is conflicting with the FOR Each loop

Help! :'(

Still not deleting, but it does give me the message it has been deleted. Is something wrong in the codes? <?php $con = mysql_connect('localhost', 'root', '') or die ('Connection Failed'); mysql_select_db('img', $con) or die ('Connection Failed'); $display = mysql_query("SELECT * FROM photos WHERE email='$lemail'"); echo '<input type="submit" value="Delete" name="del"/>'; echo "<table> <tr> <th>#</th> <th>Images</th> <th>Image description</th> <th>Delete</th> </tr>"; while($row = mysql_fetch_array($display)) { echo "<tr>"; echo "<td>".$row['img_ID']."</td>"; echo "<td><img src='folder/".$row['imaged']."' alt='alt text' width='100' height='100' class='thumb'/> </td>"; echo "<td>".$row['image_description']."</td>"; echo '<td><input type="checkbox" name="delete[]" value="'.$row['img_ID'].'"/></td>'; echo "</tr>"; } echo "</table>"; echo "</form>"; if (isset($_POST['delete'])) { foreach($_POST['delete'] as $id => $val) { $ids[] = $id; } mysql_query("DELETE FROM photos WHERE img_ID IN (".implode(',',$ids).")"); echo "Record Deleted."; } mysql_close($connect); ?>

UPDATE: Now it is working, but only the message keep displaying multiple times! HELP!

I want to delete rows in a table of my database using check-box. Here are my codes below: <?php $con = mysql_connect('localhost', 'root', '') or die ('Connection Failed'); mysql_select_db('img', $con) or die ('Connection Failed'); $display = mysql_query("SELECT * FROM photos WHERE email='$lemail'"); echo '<input type="submit" value="Delete" name="del"/>'; echo "<table> <tr> <th>#</th> <th>Images</th> <th>Image description</th> <th>Delete</th> </tr>"; while($row = mysql_fetch_array($display)) { echo "<tr>"; echo "<td>".$row['img_ID']."</td>"; echo "<td><img src='folder/".$row['imaged']."' alt='alt text' width='100' height='100' class='thumb'/> </td>"; echo "<td>".$row['image_description']."</td>"; echo '<td><input type="checkbox" name="delete[]" value="'.$row['img_ID'].'"/></td>'; echo "</tr>"; } echo "</table>"; echo "</form>"; if (isset($_POST['delete'])) { $del = $row['img_ID']; for($i=0;$i<count($_POST["delete"]);$i++) { if($_POST["delete"][$i] != "") { $str = "DELETE FROM photos WHERE img_ID='$del' "; mysql_query($str); echo "Record Deleted."; } } } mysql_close($connect); ?> Here are the problems: 1/ Not working at all, I mean no image is being deleted 2/ At then end, I display a message that the record has been deleted, but if I check multiple checkbox, it keeps writing the message "Records deleted" multiple times My images are stored in a folder while its details in database... Help, thank you

Its working fine, I want the user to delete the images if he wants, do you know how to delete image in the folder? I mean, each image, I will insert a link something like that or a checkbox, if the user click on it, it deletes the respective image he has clicked... it will have to delete the respective row of the image in database as well..

Yes, now its working.. if I want to add alt text, width and height as well as title, can you do it for me?

Oops sorry, I did include the closing tag, but forgot to write it above, but it is not working, see it below again: "<img src='saveimage/'".$row['img_description']."/>";