ricpurcell

Thanks done that Basicly I want to check that the filename and id the user has entered exists in the same column else print the error ? summit like I know how to check it exists in db but not how check its in same column if ($filename & $id !== Same column in database ) { error[] = "Please check the details you entered ; } else { continue with code } sorry my mistake same row not column

can you also help me with something else please I want to do a further validation check that the $filename and $id is in the same column how would I do this ?

$query = "SELECT id,photo FROM test ORDER BY id"; foreach($db->query($query) as $row): ok thanks changed it to this but not sure what you mean about the pdo options only just started trying to use pdo for db as its more secure I was told ?

for anybody trying to do something similar i done this like so works perfect how I wanted it to (copies the filename of button clicked and then pastes it into the filename field .... PHP CODE TO RETRIEVE DATABASE AND DELETE SELECTED <?php // These variables define the connection information for your MySQL database $username = ""; $password = ""; $host = ""; $dbname = ""; // UTF-8 is a character encoding scheme that allows you to conveniently store // a wide varienty of special characters, like ¢ or €, in your database. // By passing the following $options array to the database connection code we // are telling the MySQL server that we want to communicate with it using UTF-8 // See Wikipedia for more information on UTF-8: // http://en.wikipedia.org/wiki/UTF-8 $options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'); // A try/catch statement is a common method of error handling in object oriented code. // First, PHP executes the code within the try block. If at any time it encounters an // error while executing that code, it stops immediately and jumps down to the // catch block. For more detailed information on exceptions and try/catch blocks: // http://us2.php.net/manual/en/language.exceptions.php try { // This statement opens a connection to your database using the PDO library // PDO is designed to provide a flexible interface between PHP and many // different types of database servers. For more information on PDO: // http://us2.php.net/manual/en/class.pdo.php $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options); } catch(PDOException $ex) { // If an error occurs while opening a connection to your database, it will // be trapped here. The script will output an error and stop executing. // Note: On a production website, you should not output $ex->getMessage(). // It may provide an attacker with helpful information about your code // (like your database username and password). die("Failed to connect to the database: " . $ex->getMessage()); } // This statement configures PDO to throw an exception when it encounters // an error. This allows us to use try/catch blocks to trap database errors. $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // This statement configures PDO to return database rows from your database using an associative // array. This means the array will have string indexes, where the string value // represents the name of the column in your database. $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); // This block of code is used to undo magic quotes. Magic quotes are a terrible // feature that was removed from PHP as of PHP 5.4. However, older installations // of PHP may still have magic quotes enabled and this code is necessary to // prevent them from causing problems. For more information on magic quotes: // http://php.net/manual/en/security.magicquotes.php if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { function undo_magic_quotes_gpc(&$array) { foreach($array as &$value) { if(is_array($value)) { undo_magic_quotes_gpc($value); } else { $value = stripslashes($value); } } } undo_magic_quotes_gpc($_POST); undo_magic_quotes_gpc($_GET); undo_magic_quotes_gpc($_COOKIE); } // This tells the web browser that your content is encoded using UTF-8 // and that it should submit content back to you using UTF-8 header('Content-Type: text/html; charset=utf-8'); // This initializes a session. Sessions are used to store information about // a visitor from one web page visit to the next. Unlike a cookie, the information is // stored on the server-side and cannot be modified by the visitor. However, // note that in most cases sessions do still use cookies and require the visitor // to have cookies enabled. For more information about sessions: // http://us.php.net/manual/en/book.session.php session_start(); // Note that it is a good practice to NOT end your PHP files with a closing PHP tag. // This prevents trailing newlines on the file from being included in your output, // which can cause problems with redirecting users. JAVASCRIPT TO COPY FILENAME TO FILENAME FIELD // JavaScript Document function ClipBoard(obj) { var filename = document.getElementById("filename"); filename.innerText = obj.innerText; Copied = filename.createTextRange(); Copied.execCommand("Copy"); } PHP CODE TO CONNECT TO DATABASE <?php include ("common.php"); // Run Query To Show The Current Data In Database try { $query = "SELECT id,photo FROM test ORDER BY id"; $stmt = $db->prepare($query); $stmt->execute(); } catch(PDOException $ex) { die("Failed to run query: Please report issue to admin"); } $rows = $stmt->fetchAll(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <script type="text/javascript"> function ClipBoard(obj) { var filename = document.getElementById("filename"); filename.innerText = obj.innerText; Copied = filename.createTextRange(); Copied.execCommand("Copy"); } </script> </head> <body> <?php foreach ($rows as $row) { $i = $row["photo"]; print '<textarea class="js-copyfilename" name="copytext'.$i.'" id="copytext'.$i.'">'.$i.'</textarea><input type="button" onclick="ClipBoard(document.getElementById(\'copytext'.$i.'\'));" value="Copy to Clipboard"> <br>'; } ?> <textarea name="filename" id="filename" style="display:block;"> </textarea> </body> </html>

Appears to be working ok for me in firefox :S

ah ok im using ie I will download ff tomorrow and run few tests on there do you have any Idea how I can do this in jquery not clue where to start with jquery unfortunately Thankyou for letting me know

Don't see why I get no errors and when I click the first copy filename button it copies the text what browser are you using ? also I don't mind whether I use jquery or javascript to do it just need help in doing it

<?php // Include Databse include "common.php"; // validation errors $error = array(); // Check if form has been submitted if (isset ($_POST['delete'])) { // get the filename & id. See php.net/basename for more info $filename = basename($_POST['filename']); $id =($_POST['id']); // get file extension, see php.net/pathinfo for more info $ext = pathinfo($_POST['filename'], PATHINFO_EXTENSION); // allowed file extensions $allowedExtensions = array('jpeg','jpg','gif','png','bmp'); // Check filename is not empty if(empty($filename)) { $error[] = "Please enter a Filename"; } // Check valid file extension used else if(!in_array($ext, $allowedExtensions)) { $error[] = "Please check Filename"; } // Check ID is not empty if(empty($_POST['id'])) { $error[] = "Please enter a ID"; } else if(is_numeric($id)) { // Check ID exists in database $query = "SELECT id FROM `test` WHERE `id` = :id" ; $stmt = $db->prepare($query); $stmt->bindParam(":id", $id); $stmt->execute(); if(!$stmt->rowCount() == 1) { $error[] = "Please check ID"; } } else { $error[] = "ID is not numeric"; } // delete file from database if there are no errors if (empty($error)) { // path to the image $file_to_delete = 'images/' . $filename; // Checks the file exists and that is a valid image if(file_exists($file_to_delete) && getimagesize($file_to_delete)) { // Delete File From Directory unlink($file_to_delete); } else { $error[] = "File not found please check Filename"; } if (empty($error)) { // Run Query To Delete File Information From Database try { $query = "DELETE FROM `test` WHERE `id` = :id"; $stmt = $db->prepare($query); $stmt->execute(array('id' => intval($_POST['id']))); } catch(PDOException $ex) { die("Failed to run query: Please report issue to admin"); } $status = "File Deleted"; } } } // Run Query To Show The Current Data In Database try { $query = "SELECT id,photo FROM test ORDER BY id"; $stmt = $db->prepare($query); $stmt->execute(); } catch(PDOException $ex) { die("Failed to run query: Please report issue to admin"); } $rows = $stmt->fetchAll(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Delete Image</title> <link href="css/delete.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrap"> <form action="delete.php" method="post" enctype="multipart/form-data"> Please enter the Filename and ID of the image you wish to delete <table width="284" align="center"> <tr> <td width="144" class="table1">Filename</td> <td width="128" class="table1">ID </td> </tr> <tr> <td class="table1"><input name="filename" type="text" value="<?php echo $filename; ?>" /></td> <td class="table1"><input name="id" type="text" id="id" value="<?php echo $id; ?>" size="3" maxlength="4" /></td> </tr> </table> <p> <?php // Show validation errros here if(!empty($error)): echo implode('<br />', $error); echo $status; endif; ?> <br /> <input type="submit" value="Delete Selected Image" name="delete" /> </p> </form> <p>Current Images Inside Gallery <br /> <?php foreach($rows as $row): ?> <div class="t"> <table class="table2"> <tr> <td class="table2"><?php echo $row["id"]; ?></td> </tr> <tr> <td><img src="images/<?php echo $row["photo"] ; ?>" alt="" width="130" height="130" /></td> </tr> <tr> <td><textarea class="js-copyfilename" readonly="readonly" ><?php echo $row["photo"];?></textarea> <button class="js-copyfilenamebtn">Copy Filname</button> </td> </tr> </table> </div> <?php endforeach;?> </div> <script type="text/javascript"> var copyfilenameBtn = document.querySelector('.js-copyfilenamebtn'); copyfilenameBtn.addEventListener('click', function(event) { var copyfilename = document.querySelector('.js-copyfilename'); copyfilename.select(); try { var successful = document.execCommand('copy'); var msg = successful ? 'successful' : 'unsuccessful'; console.log('Copying text command was ' + msg); } catch (err) { console.log('Oops, unable to copy'); } }); </script> </body> </html> Basicly this is my full page code what I am tring to do is create a button that will copy the filename so the user can paste it into the field (incase its to long and saves them highliting it heres a live preview of the code so you can perhaps see what the problem is the first copy filename works but the rest doesn't http://rbgraphix.co.uk/gallery/display/New/delete.php

as above the issue was the double quotes but don't know if you are planning it but I would suggest you validate the form to check the form is complete as atm the moment if all fields are empty and the user submits the form sql will receive the blank data

I have just created something similar but my images are stored in a directory and the filename is fetched from sql as this is better than to have a blob of images i think i understand what you are trying to do and in order to do this i agree with Ch0cu3r use $result = $mysqli->query('SELECT image,id FROM images'); while($row = $result->fetch_assoc()) { echo '<img src="' . $row['image'] . '" alt="'. $row['image_id']. '" />'; // output image }

<p>Current Images Inside Gallery <br /> <?php foreach($rows as $row): ?> <div class="t"> <table class="table2"> <tr> <td class="table2"><?php echo $row["id"]; ?></td> </tr> <tr> <td><img src="images/<?php echo $row["photo"] ; ?>" alt="" width="130" height="130" /></td> </tr> <tr> <td><textarea class="js-copyfilename" readonly="readonly" ><?php echo $row["photo"];?></textarea> <button class="js-copyfilenamebtn">Copy Filname</button> </td> </tr> </table> </div> <?php endforeach;?> </div> <script type="text/javascript"> var copyfilenameBtn = document.querySelector('.js-copyfilenamebtn'); copyfilenameBtn.addEventListener('click', function(event) { var copyfilename = document.querySelector('.js-copyfilename'); copyfilename.select(); try { var successful = document.execCommand('copy'); var msg = successful ? 'successful' : 'unsuccessful'; console.log('Copying text command was ' + msg); } catch (err) { console.log('Oops, unable to copy'); } }); </script> I am trying to create a button so the user can copy `$filename` then paste it into a field (this part I will code after this is sorted) I have this code which works but it only works for the first row I understand that I will need array the that this is because I would probably need to array the js-copyfilename and js-copyfilenamebtn classes so each one is different but i know very little about JavaScript so would know where to start Thanks in advance

<p>Current Images Inside Gallery <br /> <?php foreach($rows as $row): ?> <div class="t"> <table class="table2"> <tr> <td class="table2"><?php echo $row["id"]; ?></td> </tr> <tr> <td><img src="images/<?php echo $row["photo"] ; ?>" alt="" width="130" height="130" /></td> </tr> <tr> <td><textarea class="js-copyfilename" readonly="readonly" ><?php echo $row["photo"];?></textarea> <button class="js-copyfilenamebtn">Copy Filname</button> </td> </tr> </table> </div> <?php endforeach;?> </div> <script type="text/javascript"> var copyfilenameBtn = document.querySelector('.js-copyfilenamebtn'); copyfilenameBtn.addEventListener('click', function(event) { var copyfilename = document.querySelector('.js-copyfilename'); copyfilename.select(); try { var successful = document.execCommand('copy'); var msg = successful ? 'successful' : 'unsuccessful'; console.log('Copying text command was ' + msg); } catch (err) { console.log('Oops, unable to copy'); } }); </script> Could somebody help me further please I am trying to create a Button so the user can copy the $filename the code works for the first one but not for the rest I understand that this is because I would probably need to array the js-copyfilename and js-copyfilenamebtn but I know very little about JavaScript so wouldn't know where to start Many Thanks

<?php // Include Databse include "common.php"; // validation errors $error = array(); // Check if form has been submitted if (isset ($_POST['delete'])) { // get the filename & id. See php.net/basename for more info $filename = basename($_POST['filename']); $id =($_POST['id']); // get file extension, see php.net/pathinfo for more info $ext = pathinfo($_POST['filename'], PATHINFO_EXTENSION); // allowed file extensions $allowedExtensions = array('jpeg','jpg','gif','png','bmp'); // Check filename is not empty if(empty($filename)) { $error[] = "Please enter a Filename"; } // Check valid file extension used else if(!in_array($ext, $allowedExtensions)) { $error[] = "Please check Filename"; } // Check ID is not empty if(empty($_POST['id'])) { $error[] = "Please enter a ID"; } else if(is_numeric($id)) { // Check ID exists in database $query = "SELECT id FROM `test` WHERE `id` = :id" ; $stmt = $db->prepare($query); $stmt->bindParam(":id", $id); $stmt->execute(); if(!$stmt->rowCount() == 1) { $error[] = "Please check ID"; } } else { $error[] = "ID is not numeric"; } // delete file from database if there are no errors if (empty($error)) { // path to the image $file_to_delete = 'images/' . $filename; // Checks the file exists and that is a valid image if(file_exists($file_to_delete) && getimagesize($file_to_delete)) { // Delete File From Directory unlink($file_to_delete); } else { $error[] = "File not found please check Filename"; } if (empty($error)) { // Run Query To Delete File Information From Database try { $query = "DELETE FROM `test` WHERE `id` = :id"; $stmt = $db->prepare($query); $stmt->execute(array('id' => intval($_POST['id']))); } catch(PDOException $ex) { die("Failed to run query: Please report issue to admin"); } $status = "File Deleted"; } } } // Run Query To Show The Current Data In Database try { $query = "SELECT id,photo FROM test ORDER BY id"; $stmt = $db->prepare($query); $stmt->execute(); } catch(PDOException $ex) { die("Failed to run query: Please report issue to admin"); } $rows = $stmt->fetchAll(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Delete Image</title> <style type="text/css"> .table { text-align: center; } .table { font-weight: bold; } </style> </head> <body> <form action="delete2.php" method="post" enctype="multipart/form-data" class="table"> Please enter the Filename and ID of the image you wish to delete <table width="178" align="center"> <tr class="table"> <td width="144" class="table">Filename</td> <td width="30" class="table">ID </td> </tr> <tr> <td><input name="filename" type="text" value="<?php echo $filename; ?>" /></td> <td><input name="id" type="text" id="id" value="<?php echo $id; ?>" size="3" maxlength="4" /></td> </tr> </table> <p> <?php // Show validation errros here if(!empty($error)): echo implode('<br />', $error); echo $status; endif; ?> <br /> <input type="submit" value="Delete Selected Image" name="delete" /> </p> <p>IMAGE DETAILS </p> <table width="400" align="center" class="table"> <tr> <th width="61">ID</th> <th width="185">Filename</th> <th width="138">Image</th> </tr> </table> <table width="400" align="center" class="table"> <?php foreach($rows as $row): ?> <tr> <td width="61"><?php echo $row['id']; ?></td> <td width="185"><?php echo $row['photo']; ?></td> <td width="138" height="138"> <img src="images/<?php echo $row['photo'] ; ?>" width="138" height="138" /> </td> </tr> <?php endforeach; ?> </table> </p> <p><br /> <br /> </p> </form> </body> </html> Ok resolved that problem by adding another if(empty($error)) before sql runs this is new code after them ajustments just mentioned

<?php // Include Databse include "common.php"; // validation errors $error = array(); // Check if form has been submitted if (isset ($_POST['delete'])) { // get the filename & id. See php.net/basename for more info $filename = basename($_POST['filename']); $id = basename($_POST['id']); // get file extension, see php.net/pathinfo for more info $ext = pathinfo($_POST['filename'], PATHINFO_EXTENSION); // allowed file extensions $allowedExtensions = array('jpeg','jpg','gif','png','bmp'); // Check filename is not empty if(empty($filename)) { $error[] = "Please enter a Filename"; } // Check valid file extension used else if(!in_array($ext, $allowedExtensions)) { $error[] = "Please check Filename"; } // Check ID is not empty else if(empty($_POST['id'])) { $error[] = "Please enter a ID"; } else if(is_numeric($id)) { // Check ID exists in database $query = "SELECT id FROM `test` WHERE `id` = :id" ; $stmt = $db->prepare($query); $stmt->bindParam(":id", $id); $stmt->execute(); if(!$stmt->rowCount() > 0) { $error[] = "Please check ID"; } } else { $error[] = "ID is not numeric"; } // delete file from database if there are no errors if (empty($error)) { // path to the image $file_to_delete = 'images/' . $filename; // Checks the file exists and that is a valid image if(file_exists($file_to_delete) && getimagesize($file_to_delete)) { // Delete File From Directory unlink($file_to_delete); } else { $error[] = "File not found please check Filename"; } // Run Query To Delete File Information From Database try { $query = "DELETE FROM `test` WHERE `id` = :id"; $stmt = $db->prepare($query); $stmt->execute(array('id' => intval($_POST['id']))); } catch(PDOException $ex) { die("Failed to run query: Please report issue to admin"); } $status = "File Deleted"; } } // Run Query To Show The Current Data In Database try { $query = "SELECT id,photo FROM test"; $stmt = $db->prepare($query); $stmt->execute(); } catch(PDOException $ex) { die("Failed to run query: Please report issue to admin"); } $rows = $stmt->fetchAll(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Delete Image</title> <style type="text/css"> .table { text-align: center; } .table { font-weight: bold; } </style> </head> <body> <form action="delete2.php" method="post" enctype="multipart/form-data" class="table"> Please enter the Filename and ID of the image you wish to delete <table width="178" align="center"> <tr class="table"> <td width="144" class="table">Filename</td> <td width="30" class="table">ID </td> </tr> <tr> <td><input name="filename" type="text" value="<?php echo $filename; ?>" /></td> <td><input name="id" type="text" id="id" value="<?php echo $id; ?>" size="3" maxlength="4" /></td> </tr> </table> <p> <?php // Show validation errros here if(!empty($error)): echo implode('<br />', $error); echo $status; endif; ?> <br /> <input type="submit" value="Delete Selected Image" name="delete" /> </p> <p>IMAGE DETAILS </p> <table width="400" align="center" class="table"> <tr> <th width="61">ID</th> <th width="185">Filename</th> <th width="138">Image</th> </tr> </table> <table width="400" align="center" class="table"> <?php foreach($rows as $row): ?> <tr> <td width="61"><?php echo $row['id']; ?></td> <td width="185"><?php echo $row['photo']; ?></td> <td width="138" height="138"> <img src="images/<?php echo $row['photo'] ; ?>" width="138" height="138" /> </td> </tr> <?php endforeach; ?> </table> </p> <p><br /> <br /> </p> </form> </body> </html> ok so ive added it and slightly edited few parts like so ? Just noticed a problem if filename does exist it still continues and delets from sql if id is correct

ive already edited that so its outside the table as when I do the stylising this isn't going to be a table anymore just focussing on the code atm its working now thankyou just want to check is there a reason the ID checks aint in there? think I know how to change them if need to add them ?

done this don't receive any the errors only Error:

<td>Error: <?php implode('<br />', $error); ?></td> <td>Error: <?php implode('<br />', $errors); ?></td> get Error: Warning: implode(): Invalid arguments passed in ../delete.php on line 117 Think see why says $errors changed this to $error

// ensure user stays in correct directory if(!preg_match('/^[\w,\s-]+\.[A-Za-z]+$/',$filename)) { $error = true; $status = "Please Check FILENAME"; } else { $file_to_delete = 'images/' . $filename; } // Check file_to_delete is set if ($file_to_delete) { // Checks the file exists if(!file_exists($file_to_delete)) { $status = "File not found please check FILENAME"; $error = true; $idcheck = false; } else { $idcheck = true; } } if($idcheck) { // Check ID is not empty if(empty($id)) { $status = "Please enter a ID " ; $error = true; $filecheck = false; } //Check if ID is not numeric else if(!is_numeric($id)) { $error = true; $status = "Please check ID"; } else { // Check ID exists in database $query = "SELECT id FROM `test` WHERE `id` = :id" ; $stmt = $db->prepare($query); $stmt->bindParam(":id", $id); $stmt->execute(); //if ID exists. if($stmt->rowCount() > 0) { $error = false; } else { $error = true; $status = "Please check ID"; } this is my new code is this what you meant by it running whatever?

// ensure user stays in correct directory if(!preg_match('/^[\w,\s-]+\.[A-Za-z]+$/',$filename)) { $error = true; $status = "Please Check FILENAME"; } else { $file_to_delete = 'images/' . $filename; } // Checks the file exists if(!file_exists($file_to_delete)) { $status = "File not found please check FILENAME"; $error = true; } When I do this I get the result I want tho ? but the getimagesize() is to ensure the file is a image and not another type (with file_exists if the user puts a filaneme of anything that doesn't exist I receive only $status which I want but the its not checking the file isn't a image but if I use getimagesize and it doesn't exist then I get the $status aswell as warning error at top(the warning error is what I don't want) only the $status) so say if the user inputs a filename of test.php and it exists with with file_exists they are able to delete that file where as with getimagesize they'd reveieve the $status aswell as warning but I don't want them to see the warning

ye I noticed the $image test thanks this was an error which have now changed to $error ok so what I basically want that part of the code to do is if the file doesn't exists or if the user has input incorrect data therefore the file doesn't exist only display the $status error to inform the user the filename they entered is incorrect and not show the warning atall (as they'll already know they entered it incorrectly) would it be better to use my previous code of as I already know the image is a image I just need to check that the user had input a image name ext and not another file type in an attempt to manipulate the code if(!file_exists($file_to_delete)) { $status = "File not found please check filename"; $error = true; } INSTEAD OF if(!getimagesize($file_to_delete)) { $status = "File not found please check filename"; $error = true; }

<?php // Include Databse include ("common.php"); // VARIBLES $delete = $_POST['delete']; $id = $_POST['id']; $filename = $_POST['filename']; $error = false; $imagecheck = false; $ext = end(explode('.',$filename)); // Check if form has been submitted if (isset ($delete)) { // Check filename is not empty if(empty($filename)) { $status = "Please enter a Filename " ; $error = true; $filecheck = false; } // Check ID is not empty else if(empty($id)) { $status = "Please enter a ID " ; $error = true; $filecheck = false; } else { $filecheck = true; } if ($filecheck) { //Check filename is a image ext $imagetest=false; $ext = end(explode('.',$filename)); switch(strtolower($ext)) { case 'jpeg': $error = false; break; case 'jpg': $error = false; break; case 'gif': $error = false; break; case 'png': $error = false; break; case 'bmp': $error = false; break; default: $error = true; } // ensure user stays in correct directory if(!preg_match('/^[\w,\s-]+\.[A-Za-z]+$/',$filename)) { $error = true; $status = "Check Filename"; } else { $file_to_delete = 'images/' . $filename; } // Checks the file exists if(!getimagesize($file_to_delete)) { $error = true; $status = "File not found please check Filename"; } else { $error = false; } } /* HERE I WISH TO CHECK THAT $filename CONTAINS .JPEG,.JPG,PNG OR .GIF AT THE END SO OTHER FILE TYPES CANNOT BE DELETED I ALSO WANT TO ENSURE THAT THE USER CANNOT GO TO ANOTHER FOLDER AND STAYS IN THE CURRENT /images FOLDER THIS IS SO USER CAN ONLY INPUT A NAME OF A FILE WITH A IMAGE FILETYPE AND CANNOT DELETE FROM ANY OTHER FOLDERS OTHER THAN /images AS AT THE MOMENT YOU CAN TYPE ../FILENAME.WHATEVER AND IF IT EXISTS IT WILL DELETE IT */ if (!$error) { // Delete File From Directory unlink($file_to_delete); // Delete File Information From Database $stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (:firstname, :lastname, :email)"); $query = "DELETE FROM `test` WHERE `id` = $id" ; try { // Run Query To Delete File Information From Database $stmt = $db->prepare($query); $stmt->execute(); } catch(PDOException $ex) { die("Failed to run query: Please report issue to admin"); } $status = "File Deleted"; } } ?> <?php $query = "SELECT id,photo FROM test"; try { // Run Query To Show The Current Data In Database $stmt = $db->prepare($query); $stmt->execute(); } catch(PDOException $ex) { die("Failed to run query: Please report issue to admin"); } $rows = $stmt->fetchAll(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Delete Image</title> <style type="text/css"> .table { text-align: center; } .table { font-weight: bold; } </style> </head> <body> <form action="delete.php" method="post" enctype="multipart/form-data" class="table"> Please enter the Filename and ID of the image you wish to delete <table width="178" align="center"> <tr class="table"> <td width="144" class="table">Filename</td> <td width="30" class="table">ID </td> </tr> <tr> <td><input name="filename" type="text" value="<?php echo $filename; ?>" /> </td> <td><input name="id" type="text" id="id" value="<?php echo $id; ?>" size="3" maxlength="4" /> </td> </tr> </table> <p><?php echo $status; ?><br /> <input type="submit" value="Delete Selected Image" name="delete" /> </p> <p>IMAGE DETAILS </p> <table width="400" align="center" class="table"> <tr> <th width="61">ID</th> <th width="185">Filename</th> <th width="138">Image</th> </tr> </table> <table width="400" align="center" class="table"> <?php foreach($rows as $row): ?> <tr> <td width="61"><?php echo $row['id']; ?></td> <td width="185"><?php echo $row['photo']; ?></td> <td width="138" height="138"> <img src="images/<?php echo $row['photo'] ; ?>" width="138" height="138" /></td> </tr> <?php endforeach; ?> </table> </p> <p><br /> <br /> </p> </form> </body> </html> Done it with code below but only problem I have is if the user enters incorrect or not aloud filename I get this "Warning:getimagesize(): Filname is cannot be empty in ../delete.php on line 67 ASWELL as my $status "File not found Please check filename" I only want the user to see my status not the Warning how do I go about this please?

<?php // Include Databse include ("common.php"); // VARIBLES $delete = $_POST['delete']; $id = $_POST['id']; $filename = $_POST['filename']; $fields = array('id', 'filename'); $dir = "images/"; $file_to_delete = $dir. $filename; $error = false; // Check if form has been submitted if (isset ($delete)) { // Check filename & id is not empty foreach($fields AS $fieldname) { if(empty($_POST[$fieldname])) { $status = "Please enter a $fieldname " ; $error = true; } /* HERE I WISH TO CHECK THAT $filename CONTAINS .JPEG,.JPG,PNG OR .GIF AT THE END SO OTHER FILE TYPES CANNOT BE DELETED I ALSO WANT TO ENSURE THAT THE USER CANNOT GO TO ANOTHER FOLDER AND STAYS IN THE CURRENT /images FOLDER THIS IS SO USER CAN ONLY INPUT A NAME OF A FILE WITH A IMAGE FILETYPE AND CANNOT DELETE FROM ANY OTHER FOLDERS OTHER THAN /images AS AT THE MOMENT YOU CAN TYPE ../FILENAME.WHATEVER AND IF IT EXISTS IT WILL DELETE IT */ //Check file exists else if (!file_exists($file_to_delete)) { $status = "File not found please check your filename"; $error = true; } } if (!$error) { // Delete File From Directory unlink($file_to_delete); // Delete File Information From Database $query = "DELETE FROM `test` WHERE `id` = $id" ; try { // Run Query To Delete File Information From Database $stmt = $db->prepare($query); $stmt->execute(); } catch(PDOException $ex) { die("Failed to run query: Please report issue to admin"); } $status = "File Deleted"; } } ?> <?php $query = "SELECT id,photo FROM test"; try { // Run Query To Show The Current Data In Database $stmt = $db->prepare($query); $stmt->execute(); } catch(PDOException $ex) { die("Failed to run query: Please report issue to admin"); } $rows = $stmt->fetchAll(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Delete Image</title> <style type="text/css"> .table { text-align: center; } .table { font-weight: bold; } </style> </head> <body> <form action="delete.php" method="post" enctype="multipart/form-data" class="table"> Please enter the Filename and ID of the image you wish to delete <table width="178" align="center"> <tr class="table"> <td width="144" class="table">Filename</td> <td width="30" class="table">ID </td> </tr> <tr> <td><input name="filename" type="text" value="<?php echo $filename; ?>" /> </td> <td><input name="id" type="text" id="id" value="<?php echo $id; ?>" size="3" maxlength="3" /> </td> </tr> </table> <p><?php echo $status; ?><br /> <input type="submit" value="Delete Selected Image" name="delete" /> </p> <p>IMAGE DETAILS </p> <table width="400" align="center" class="table"> <tr> <th width="61">ID</th> <th width="185">Filename</th> <th width="138">Image</th> </tr> </table> <table width="400" align="center" class="table"> <?php foreach($rows as $row): ?> <tr> <td width="61"><?php echo $row['id']; ?></td> <td width="185"><?php echo $row['photo']; ?></td> <td width="138" height="138"> <img src="images/<?php echo $row['photo'] ; ?>" width="138" height="138" /></td> </tr> <?php endforeach; ?> </table> </p> <p><br /> <br /> </p> </form> </body> </html> Can somebody help me please I am currently creating a php/sql image slideshow I am currently coding the delete image page the code works as it should but am unsure how to code the bit in the /* */ comments in the code Thanks in advance