sagar_24

Delete files with same prefix name but different extensions-php

I want to delete files (Image File) with different extensions (like jpg, png) having the same name.
I don't know what's wrong. My code seems alright.
Here I'm taking the file name from HTML:
    HTML:
    
    <a href="123.php?file=2"><button class="btn2">Delete File:2</button></a>
    
    PHP:
    
    <?php
    
    $base_directory = 'uploads/';
    if(unlink($base_directory.$_GET['file*.*']))
        echo "File Deleted.";
    ?>

And I've even tried passing the extensions through HTML as well, which felt quite alright too, but it didn't work at all. Please shed some light on what seems to be the problem; I would appreciate it.

    HTML:

    <a href="123.php?file=2.jpg && file=2.png"><button class="btn2">Delete File:2</button></a>

    PHP:

    <?php

    $base_directory = 'uploads/';
    if(unlink($base_directory.$_GET['file']))
        echo "File Deleted.";
    ?>

 


Not that I condone this style of coding but how about this:

    if(unlink($base_directory.$_GET['file'] . '*.*'))


I don't believe unlink() works with patterns, so glob + loop + unlink.


 

> Not that I condone this style of coding but how about this:
>
>     if(unlink($base_directory.$_GET['file'] . '*.*'))

Right when I saw this I was sure this is what I wanted.

Unfortunately it didn't work.

Thanks for replying though.


> I don't believe unlink() works with patterns, so glob + loop + unlink.

My first try was with glob, but in my case glob wasn't able to locate the directory, so I went ahead with this.

Could you give me a link or example of glob similar to my case?

Appreciate the reply.


This script will delete anything the user asks for as long as the webserver has permissions to do so. Since a lot of web applications are both running under and owned by the same webserver account, this means a user can probably wipe your entire document root – and maybe more.

 

Do – not – trust – user – input. Do not let it anywhere near a file path, unless you've extensively validated the input and made sure it's harmless. Using GET requests to delete data is also a very bad idea, because this violates the HTTP protocol. GET is strictly for getting data (hence the name) and mustn't have any side effects. If you break that assumption, you quickly end up with accidental deletions due to page reloads, bookmarks etc. On top of that, your code is wide open to CSRF attacks, which means that more or less everybody can freely delete files on your server.

 

Learn the basics of HTTP, especially the meaning of GET and POST. Understand that the WWW is a public infrastructure with a lot of hostile activity. Even if you think your website is restricted to a handful of users, that's not actually the case. The script you've shown can be attacked by anybody who has read a few Wikipedia articles.

  • Like 1
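
The points raised in this thread (glob + loop + unlink, keeping user input out of the file path, POST instead of GET, and CSRF protection) combined into one handler. This is an added example, not code from any poster. It assumes numeric file ids such as `2`, an `uploads/` directory next to the script, a hypothetical extension allow-list, and a `csrf_token` value that was stored in the session (for instance from `bin2hex(random_bytes(32))`) and embedded in the delete form when it was rendered.

```php
<?php
declare(strict_types=1);
// Added example. Assumed: this allow-list, a 'csrf_token' field, numeric ids.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];
/** Delete <id>.<ext> for each allowed extension; returns the names removed. */
function deleteUploadsById(string $baseDir, string $id): array
{
    // Digits only: no dots, slashes or glob metacharacters reach the path.
    if (preg_match('/\A[0-9]{1,10}\z/', $id) !== 1) {
        throw new InvalidArgumentException('Invalid file id');
    }
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('Upload directory not found');
    }
    $deleted = [];
    // unlink() takes a single path, so expand the pattern with glob() and loop.
    foreach (glob($base . '/' . $id . '.*') ?: [] as $path) {
        $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
        if (!in_array($ext, ALLOWED_EXTENSIONS, true) || is_link($path) || !is_file($path)) {
            continue; // skip other file types, symlinks and directories
        }
        if (unlink($path)) {
            $deleted[] = basename($path);
        }
    }
    return $deleted;
}

if (PHP_SAPI !== 'cli') {
    session_start();
    // Deleting changes state: accept POST only and require the session's token.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit;
    }
    $expected = $_SESSION['csrf_token'] ?? '';
    $given = $_POST['csrf_token'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        http_response_code(403);
        exit;
    }
    $id = $_POST['file'] ?? '';
    try {
        $removed = deleteUploadsById(__DIR__ . '/uploads', is_string($id) ? $id : '');
        echo count($removed) . ' file(s) deleted.';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
    }
}
```

Building the path from `__DIR__` rather than a relative `uploads/` also avoids glob() failing to find the directory when the script's working directory differs from its location.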


> This script will delete anything the user asks for as long as the webserver has permissions to do so. Since a lot of web applications are both running under and owned by the same webserver account, this means a user can probably wipe your entire document root – and maybe more.
>
> Do – not – trust – user – input. Do not let it anywhere near a file path, unless you've extensively validated the input and made sure it's harmless. Using GET requests to delete data is also a very bad idea, because this violates the HTTP protocol. GET is strictly for getting data (hence the name) and mustn't have any side effects. If you break that assumption, you quickly end up with accidental deletions due to page reloads, bookmarks etc. On top of that, your code is wide open to CSRF attacks, which means that more or less everybody can freely delete files on your server.
>
> Learn the basics of HTTP, especially the meaning of GET and POST. Understand that the WWW is a public infrastructure with a lot of hostile activity. Even if you think your website is restricted to a handful of users, that's not actually the case. The script you've shown can be attacked by anybody who has read a few Wikipedia articles.

Thank you so much for the info, sir,

and as I'm a noob I'll surely understand the security norms of HTTP as time goes on.

But for now this is just a college project that I'm working on, and the real-life implementation only requires the admin to make all changes.

That's the reason I'm not concerned with my script security here.

But I do appreciate the knowledge.


> My first try was with glob, but in my case glob wasn't able to locate the directory, so I went ahead with this.
>
> Could you give me a link or example of glob similar to my case?
>
> Appreciate the reply.

If you want an example then the documentation is a great place to look.


> But for now this is just a college project [...]

 

If I got a dollar every time somebody says this, I would be a rich man.

 

I don't know what kind of college this is, but my professors actually checked my work and would have immediately rejected a submission which doesn't even survive the most basic tests. This is not just wrong. It shows a fundamental misunderstanding of programming basics.


> If I got a dollar every time somebody says this, I would be a rich man.
>
> I don't know what kind of college this is, but my professors actually checked my work and would have immediately rejected a submission which doesn't even survive the most basic tests. This is not just wrong. It shows a fundamental misunderstanding of programming basics.

Haha, you'll be rich anyways.

I know the college is too bad to care.

But this project is like a notice board to keep students updated, so only the admin will have the IP or access to do it,

and so as not to misunderstand any basics, I'm using glob instead of get now.

