Invalid ID provided - Redirecting to index.php

[The_Dude_1978]

I've got the error out of the foreach (see code below)

 

But now i'm having problems with pushing the delete button. It's not executing the deleting of pictures, but only get's to the Invalid ID provided in the first part of the code.

 

Do I have it in the wrong order? Is the $post action wrong?

 

Please do help me out!

<?php
// link in the admin page:// | <a href='administrator.php?delpic&id=<?php echo $row['id'];?>'>Delete Pics)</a> |
// action: delete pictures -----------------------------------------------------------------------------
if (isset($_GET['delpic']) && isset($_GET['id'])) {
$id = (int) $_GET['id'];
if ($id == 0) {
	die("Invalid ID provided.");
}

if($_GET['id'])
{

$sql="SELECT `id`, `first`, `last`, `username`, `email`, `about`, `level` from `users` WHERE `id`='".$_GET['id']."'";
$res=mysql_query($sql);
$row=mysql_fetch_assoc($res);

if (!isset($_POST['deletePic']))
{
?>
<html>
<head>
</head>

<body>

<!--------------------DELETE PICTURES---------------------//-->
    
<div class="dividerp">

<?php

$sql2 = "SELECT `profile_id`, `title`, `size`, `type`, `reference` FROM user_photos WHERE profile_id=".$_GET['id']."";
$res2 = mysql_query($sql2) or die(mysql_error());
            
if(mysql_num_rows($res2) > 0)
	{

	echo "<strong>Delete Pictures for account: ".$row['username']." </strong><br/><br/>";
	echo "<form name=\"deletefile\" method=\"post\" action=\"administrator.php?delpic&id=".$id."\">";

	while($file = mysql_fetch_array($res2))
		{
			echo "<br/><br/><input name=\"deletePic[]\" type=\"checkbox\" value=\"".$file['reference']."\">";
			echo "<a href=\"".$row['username']."/pics/".$file['reference']."\"/>
			<img src=\"".$row['username']."/pics/thumbs/".$file['reference']."\"/></a>";
		}
	echo "<br/><br/><input type=\"submit\" name=\"deletePic\" value=\"Delete Files\">";

	echo "</form>";

if(is_array($_POST['deletePic']))
foreach($_POST['deletePic'] as $num => $id)
{
	//delete reference in database
	@mysql_query("DELETE FROM user_photos WHERE profile_id='$profile_id' AND reference='$id'"); 
	unlink($row['username']."/pics/".$id); //delete pic in directory
	unlink($row['username']."/pics/thumbs/".$id); //delete thumbnail
}	

	}
	else
	{
		echo "Vergeet niet om foto's toe te voegen<br/>";
	}
    }
else echo header("location:index.php"); 
}
?>


</div>

<?php
}

[The_Dude_1978]

Maybe I have'nt explained it well enough.

 

This is a part of my administrator page. And I log in as administrator and want to delete pictures of the user i've selected.

 

Kind regards,

 

Martijn

 

 

[Jumpy09]

It looks as if you are missing a few brackets

 

<?php
if(is_array($_POST['deletePic']))
        {  //<-- This is one!
    foreach($_POST['deletePic'] as $num => $id)
    {
	//delete reference in database
?>

 

From what it looks like you have that then have } else { you are also, from what I see, missing one

 

<?php
		echo "Vergeet niet om foto's toe te voegen<br/>";
	}
    }
else echo header("location:index.php"); // <!-- In this area!
}
?>

 

I know brackets are not always needed, but they really do make things look a lot nicer.

 

Also I wouldn't put the $_GET [ "id" ] straight into the Query like that.  ALWAYS use mysql_real_escape_string ( $_GET [ "id" ] ), to prevent SQL Injection, someone could have a field day.

 

If the brackets are not the problem, I'm not entirely sure what is.  I'll keep looking to see if I can spot another problem, but it properly bracketed would go a long way in making it easier to see what portions go where.

[The_Dude_1978]

Hi,

 

I've added the brackets (thank you for that) but i don't get what you mean by:

 

    }	else echo header("location:index.php"); // <!-- In this area!}

 

Seems fine by me and it does function, because when selecting the checkbox en pushing delete directs me to the index.php page.

 

I'm not really an experienced programmer (more like an amature) but i can't get the mysql real escape string to work.

 

But that's not really the problem. I'll rather figure that out later if you don't mind.

 

What the code does is it say's invalid id provided or redirects me to the index.php page if I alter something.

 

The form action also display's the administrator.php?delpic?id=24 but should'nt that just execute the foreach code? It does'nt now, but i know the id number is correct, so the right user is selected, but it say's invalid id provided.

Should I use $_GET instead of $row ?

 

I really don't have much idea's left with my knowledge.

 

Please help me out if someone can!

 

Kind regards,

 

Martijn

[Jumpy09]

} else echo header

 

That just sounds like a nightmare to me.

 

<?php
if ( blah == blah )
{

}
else
{

}

// OR 

if ( blah == blah ) {

} else {

}
?>

 

Also I don't remember header needing to be echoed!

 

<?php
if ( blah === blah ) {
    // Do Something
} else {
    header ( "Location: index.php" );
    exit ;
}
?>

 

Why the exit?  Cause header doesn't stop the code from executing, so it will continue to execute while it's waiting to redirect.  I use it, it is your call.

Header doesn't need to be echoed, not entirely sure if it matters but I've never echoed it out.

 

mysql_real_escape_string works as long as you are using PHP 4.3.0 and above.

 

<?php
//Example

$sql = "SELECT column FROM table WHERE column = '" . mysql_real_escape_string( $_GET [ "id" ]) . "' LIMIT 1";
?>

 

Someone could correct me if I am wrong, but if you are hitting the header redirect and you know you have a valid ID then it is in your if / else statement.

[The_Dude_1978]

Hi There,

 

I've solved my problem. I needed to use the post variable to send along with deletefile.php.

 

Here's what i've did:

 

<?php
}


//action: delete pictures -----------------------------------------------------------------------------
if (isset($_GET['delpic']) && isset($_GET['id'])) {
$id = (int) $_GET['id'];
if ($id == 0) {
	die("Invalid ID provided.");
}

if($_GET['id'])
{
$sql="SELECT `id`, `first`, `last`, `username`, `email`, `about`, `level` from `users` WHERE `id` = '" . mysql_real_escape_string( $_GET [ "id" ]) . "' LIMIT 1";
$res=mysql_query($sql);
$row=mysql_fetch_assoc($res);

if (!isset($_POST['deletePic']))
{
?>
<html>
<head>
<!--[if IE]>
<style type="text/css">
#contact p {
padding-top: 10px;
</style>
<link rel="stylesheet" type="text/css" href="style.css" />
<![endif]-->
<![if !IE]>
<link rel="stylesheet" type="text/css" href="firefox.css" />
<![endif]>
  
  <title><?php echo $_SESSION['username']; ?>'s Management page</title>
</head>

<body>


<div id="vertical">
<div id="wrapper">
<div id="header">
<?php include('../header_sub.php'); ?>
</div>

<a href='index.php'>Index</a> | <a href='administrator.php?add'>Add user</a> | <a href='administrator.php?viewUsers'>Account Management</a><p><strong>You are managing users from the account: <?php echo $_SESSION['username'];?></strong><br /><a href='administrator.php?logout'>Log out</a></p>
<div class="dividerp">

<?php

$sql2 = "SELECT `profile_id`, `title`, `size`, `type`, `reference` FROM user_photos WHERE profile_id = '" . mysql_real_escape_string( $_GET [ "id" ]) . "' LIMIT 1";	$res2 = mysql_query($sql2) or die(mysql_error());

if(mysql_num_rows($res2) > 0)
	{
	echo "<br>Klik hier om foto's toe te voegen voor account: ".$row['username']."<br><br><a href=\"administrator.php?editpic&id=".$_GET['id']."\"/>Add Pics</a><br><br>";
	echo "<strong>Als je de account wilt deleten moeten eerst alle foto's verwijderd zijn</strong><br><br>";
	echo "<strong>Delete Pictures for account: ".$row['username']."</strong><br/><br/>";
	echo "<form name=\"deletefile\" method=\"post\" action=\"deletefile.php?username=".$row['username']."&profile_id=".$_GET['id']."\">";

		while($file = mysql_fetch_array($res2))
		{
			echo "<br/><br/><input name=\"files[]\" type=\"checkbox\" value=\"".$file['reference']."\">";
			echo "<a href=\"".$row['username']."/pics/".$file['reference']."\"/>
			<img src=\"".$row['username']."/pics/thumbs/".$file['reference']."\"/></a>";
		}
	echo "<br/><br/><input type=\"submit\" name=\"delfile\" value=\"Delete Files\">";
	echo "</form>";
	}

else
	{
	echo "U heeft geen foto's toegevoegd, wilt u dat alsnog doen, klik dan hieronder om de foto's toe te voegen.<br> Zo niet en het account is niet meer nodig klikt u dan op delete account<br>";
	echo "<br>Klik hier om foto's toe te voegen voor account: ".$row['username']."<br><br><a href=\"administrator.php?editpic&id=".$_GET['id']."\"/>Add Pics</a>";
	echo "<br><br>Bij onderstaande link kunt u de gebruiker verwijderen<br><br><a href=\"administrator.php?delete&id=".$_GET['id']."\"/>Delete Account: </a>".$row['username']."";
	}
    }
else echo header("location:index.php"); 
}
?>
</div>


<div id="footer_users">  
<?php include('../footer_sub.php'); ?>
</div>
</div>
</div>
</body>
</html>

<?php
}

 

And for deletefile.php the following code:

 

<?php
session_start();
echo "<script language=\"Javascript\" type=\"text/javascript\">
	 alert(\"Deleted the selected picutre(s)\")
	 document.location.href='administrator.php?viewUsers'</script>";
include "db_connect.php";

$profile_id = $_GET['profile_id'];       
$username = $_GET['username'];

foreach($_POST['files'] as $num => $id)
{

	//delete reference in database
	@mysql_query("DELETE FROM user_photos WHERE profile_id='$profile_id' AND reference='$id'"); 
	unlink($username ."/pics/". $id); //delete pic in directory
	unlink($username ."/pics/thumbs/". $id); //delete thumbnail
}

?>

 

Thank you Jumpy for your help!!