Jump to content

Help with this code needed!!!


iantearle

Recommended Posts

Have created the following code to delete a file or folder with a name specified in the form, then submitted with the button, i dont want the action to be carried out on a different page, and this resides within more php functions from 'lussumo filebrowser'. Please help!!!

  [code]<div class=\"deletef\"><form name=\"frm".$delete_form_action."\" method=\"get\" action=\"".$this->SelfUrl."\">
<input type=\"text\" size=\"10\" name=\" " .print $folder_name; "\">
<input type=\"submit\" value=\"Delete\">
</form>
  </div>
        ".$CurrentPath.BuildPath($Config->FolderNavigator, $Config->FilesPerPage)."
      </div>");


$delete_form_action = $_SERVER['PHP_SELF'];
if (empty($_POST['folder_name'])){
}
else {
$folder_name = rmdir($_POST['folder_name']);
$folder_name = unlink($_POST["foldername"]);
}[/code]
Link to comment
https://forums.phpfreaks.com/topic/23066-help-with-this-code-needed/
Share on other sites

It seems like you have everything there, but it's not very safe! All you have to do is, do what your doing and submit the form to it's self, you can do that by setting the form action to '' or fill it with $_SERVER['PHP_SELF'] after you validate it, also be sure your validate folder_name, if you don't then anyone can remove any folder they want!

As for your form, the input...

[code]<input type=\"text\" size=\"10\" name=\" " .print $folder_name; "\">[/code]

doesn't make very much sense, you have to give the form input a name and then the value is the folder to delete!

[code]echo '<input type="text" size="10" name="folder_name" value="' . $folder_name . '" />[/code]


me!

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.