Jump to content

Problem deleting from sql database - but same script works on other site?

Edward

By Edward
in PHP Coding Help

 Share

Recommended Posts

Edward Regular Member

Edward

Posted
Posted

 

Hi,

 

I have used this script I made to delete files from a server and simultaneously remove information about the file from a database. I have uploaded the same script to a new website and it no longer works. The file does get deleted but the database line doesn't get removed. I can tell where it's going wrong by the error custom error message 'echo'ed on the page ("your file was only partially uploaded"), but I really don't know why. Please can anyone help??

 

delete_a_file.php

function form() {
connect_to_mysql();
if ($errors) {
	echo $errors;
} else {
	$id = mysql_real_escape_string($_GET['id']);
	$sql = 'SELECT * FROM files WHERE id = "'.$id.'" ORDER BY name ASC LIMIT 1;';
	if ($result = mysql_query($sql)) {
		$row_count = mysql_num_rows($result);
		if ($row_count == '1') {
			while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
				$id = $row['id'];
				$path = $row['path'];
				$file = $row['name'];
				$extension = $row['extension'];
				$type = $row['type'];
				$size = (round($row['size'] * 0.0009765625));
				$description = $row['description'];
				$uploader = $row['uploader'];
				$uploaded_datestamp_display = $row['uploaded_datestamp_display'];
			}
			echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post">';
			echo '<p>Are you sure you want to delete this file <b>forever</b>? This action cannot be undone.</p>';
			echo '<p>&nbsp<p><a href="'.$path.$id.$extension.'" target="blank">'.$file.$extension.'</a> ('.$size.'kb)</p>';
			echo '<p>';
			if ($description == '') {
			echo 'No description was given for this file.<br />';
			} else {
			echo $description.'<br />';
			}
			echo '</p>';
			echo '<p>Uploaded by '.$uploader.' on '.$uploaded_datestamp_display.'</p>';
			echo '<input type="hidden" name="id" value="'.$id.'" />';
			echo '<p>&nbsp<p><input type="submit" name="submit" value="Delete File" /></p>';
			echo '</form>';
		}
	}
}
mysql_close();
}
if (isset($_POST['submit'])) {
connect_to_mysql();
if ($errors) {
	echo '<div>Sorry, the following errors were encountered:';
	echo $errors;
	echo '</div>';
	echo '<p><hr width="100%" size="1" color="#CCCCCC" /></p>';
	form();
} else {
	# Delete file
	$id = mysql_real_escape_string($_POST['id']);
	$sql = 'SELECT * FROM files WHERE id = \''.$id.'\' ORDER BY name ASC LIMIT 1;';
	echo '<p>sql: '.$sql.'</p>';
	$result = mysql_query($sql);
	$row_count = mysql_num_rows($result);
	echo '<p>row count: '.$row_count.'</p>';
	if ($row_count == '1') {
		while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
			$id = $row['id'];
			$path = $row['path'];
			$extension = $row['extension'];
		}
		# Delete the file
		if (unlink("$path$id$extension")) {
			$sql_2 = 'DELETE FROM files WHERE id = \''.$id.'\' ORDER BY id ASC LIMIT 1;';
			echo '<p>sql 2: '.$sql_2.'</p>';
			if ($result_2 = mysql_query($sql_2)) {
				echo '<p>Your file has been deleted.</p>';
			} else {
				echo '<p>Unfortunately your file was only partially deleted.</p>';
			}
		} else {
			echo '<p>Unfortunately your file could not be deleted. Please try again later.</p>';
		}
	} else {
		header('Location: home.php');
	}
}
mysql_close();
} else {
if (isset($_GET['id'])) {
	form();
} else {
	header('Location: home.php');
}
}

 

Edward Regular Member

Edward

Posted
  • Author
Posted

 

Thanks btherl! The error was with the sql_2 line, I guessed it was because I was using 'ORDER BY' in a 'DELETE' request, so I amended the sql_2 line as follows and it works:

 

$sql_2 = 'DELETE FROM files WHERE id = \''.$id.'\' LIMIT 1;';
$result_2 = mysql_query($sql_2) or die("Error in $sql\n" . mysql_error());

 

Is there any way to incorporate the error part of the above code into an 'if' clause, like I had previously? (see below)

if ($result_2 = mysql_query($sql_2)) {
echo '<p>Your file has been deleted.</p>';
} else {
echo '<p>Unfortunately your file was only partially deleted.</p>';
}

 

 

btherl Member

btherl

Posted
Posted

Glad to hear it helped :)  I would recommend you do it like this, as you don't want to expose such information to a user who may be a potential hacker:

 

if ($result_2 = mysql_query($sql_2)) {
echo '<p>Your file has been deleted.</p>';
} else {
echo '<p>Unfortunately your file was only partially deleted.  The webmaster has been notified of the problem.</p>';
        $msg = "Query $sql_2 failed!  The error was " . mysql_error();
        mail ('admin@host.com', "Query failure!", $msg);
}

 

For debugging purposes though, you can just put this inside the else:

 

print "Error in $sql\n" . mysql_error();

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.