Jump to content

Problem deleting from sql database - but same script works on other site?

Edward

By Edward
in PHP Coding Help

Recommended Posts

Edward Regular Member

Edward

Posted
Posted

 

Hi,

 

I have used this script I made to delete files from a server and simultaneously remove information about the file from a database. I have uploaded the same script to a new website and it no longer works. The file does get deleted but the database line doesn't get removed. I can tell where it's going wrong by the error custom error message 'echo'ed on the page ("your file was only partially uploaded"), but I really don't know why. Please can anyone help??

 

delete_a_file.php

function form() {
connect_to_mysql();
if ($errors) {
	echo $errors;
} else {
	$id = mysql_real_escape_string($_GET['id']);
	$sql = 'SELECT * FROM files WHERE id = "'.$id.'" ORDER BY name ASC LIMIT 1;';
	if ($result = mysql_query($sql)) {
		$row_count = mysql_num_rows($result);
		if ($row_count == '1') {
			while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
				$id = $row['id'];
				$path = $row['path'];
				$file = $row['name'];
				$extension = $row['extension'];
				$type = $row['type'];
				$size = (round($row['size'] * 0.0009765625));
				$description = $row['description'];
				$uploader = $row['uploader'];
				$uploaded_datestamp_display = $row['uploaded_datestamp_display'];
			}
			echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post">';
			echo '<p>Are you sure you want to delete this file <b>forever</b>? This action cannot be undone.</p>';
			echo '<p>&nbsp<p><a href="'.$path.$id.$extension.'" target="blank">'.$file.$extension.'</a> ('.$size.'kb)</p>';
			echo '<p>';
			if ($description == '') {
			echo 'No description was given for this file.<br />';
			} else {
			echo $description.'<br />';
			}
			echo '</p>';
			echo '<p>Uploaded by '.$uploader.' on '.$uploaded_datestamp_display.'</p>';
			echo '<input type="hidden" name="id" value="'.$id.'" />';
			echo '<p>&nbsp<p><input type="submit" name="submit" value="Delete File" /></p>';
			echo '</form>';
		}
	}
}
mysql_close();
}
if (isset($_POST['submit'])) {
connect_to_mysql();
if ($errors) {
	echo '<div>Sorry, the following errors were encountered:';
	echo $errors;
	echo '</div>';
	echo '<p><hr width="100%" size="1" color="#CCCCCC" /></p>';
	form();
} else {
	# Delete file
	$id = mysql_real_escape_string($_POST['id']);
	$sql = 'SELECT * FROM files WHERE id = \''.$id.'\' ORDER BY name ASC LIMIT 1;';
	echo '<p>sql: '.$sql.'</p>';
	$result = mysql_query($sql);
	$row_count = mysql_num_rows($result);
	echo '<p>row count: '.$row_count.'</p>';
	if ($row_count == '1') {
		while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
			$id = $row['id'];
			$path = $row['path'];
			$extension = $row['extension'];
		}
		# Delete the file
		if (unlink("$path$id$extension")) {
			$sql_2 = 'DELETE FROM files WHERE id = \''.$id.'\' ORDER BY id ASC LIMIT 1;';
			echo '<p>sql 2: '.$sql_2.'</p>';
			if ($result_2 = mysql_query($sql_2)) {
				echo '<p>Your file has been deleted.</p>';
			} else {
				echo '<p>Unfortunately your file was only partially deleted.</p>';
			}
		} else {
			echo '<p>Unfortunately your file could not be deleted. Please try again later.</p>';
		}
	} else {
		header('Location: home.php');
	}
}
mysql_close();
} else {
if (isset($_GET['id'])) {
	form();
} else {
	header('Location: home.php');
}
}

 

Edward Regular Member

Edward

Posted
  • Author
Posted

 

Thanks btherl! The error was with the sql_2 line, I guessed it was because I was using 'ORDER BY' in a 'DELETE' request, so I amended the sql_2 line as follows and it works:

 

$sql_2 = 'DELETE FROM files WHERE id = \''.$id.'\' LIMIT 1;';
$result_2 = mysql_query($sql_2) or die("Error in $sql\n" . mysql_error());

 

Is there any way to incorporate the error part of the above code into an 'if' clause, like I had previously? (see below)

if ($result_2 = mysql_query($sql_2)) {
echo '<p>Your file has been deleted.</p>';
} else {
echo '<p>Unfortunately your file was only partially deleted.</p>';
}

 

 

btherl Member

btherl

Posted
Posted

Glad to hear it helped :)  I would recommend you do it like this, as you don't want to expose such information to a user who may be a potential hacker:

 

if ($result_2 = mysql_query($sql_2)) {
echo '<p>Your file has been deleted.</p>';
} else {
echo '<p>Unfortunately your file was only partially deleted.  The webmaster has been notified of the problem.</p>';
        $msg = "Query $sql_2 failed!  The error was " . mysql_error();
        mail ('[email protected]', "Query failure!", $msg);
}

 

For debugging purposes though, you can just put this inside the else:

 

print "Error in $sql\n" . mysql_error();

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.