Help with this code needed!!!

[iantearle]

Have created the following code to delete a file or folder with a name specified in the form, then submitted with the button, i dont want the action to be carried out on a different page, and this resides within more php functions from 'lussumo filebrowser'. Please help!!!

  [code]<div class=\"deletef\"><form name=\"frm".$delete_form_action."\" method=\"get\" action=\"".$this->SelfUrl."\">
<input type=\"text\" size=\"10\" name=\" " .print $folder_name; "\">
<input type=\"submit\" value=\"Delete\">
</form>
  </div>
        ".$CurrentPath.BuildPath($Config->FolderNavigator, $Config->FilesPerPage)."
      </div>");


$delete_form_action = $_SERVER['PHP_SELF'];
if (empty($_POST['folder_name'])){
}
else {
$folder_name = rmdir($_POST['folder_name']);
$folder_name = unlink($_POST["foldername"]);
}[/code]

[printf]

It seems like you have everything there, but it's not very safe! All you have to do is, do what your doing and submit the form to it's self, you can do that by setting the form action to '' or fill it with $_SERVER['PHP_SELF'] after you validate it, also be sure your validate folder_name, if you don't then anyone can remove any folder they want!

As for your form, the input...

[code]<input type=\"text\" size=\"10\" name=\" " .print $folder_name; "\">[/code]

doesn't make very much sense, you have to give the form input a name and then the value is the folder to delete!

[code]echo '<input type="text" size="10" name="folder_name" value="' . $folder_name . '" />[/code]


me!