[SOLVED] Deleting Files via HTML form - Error

[winmastergames]

I am trying to learn the $_GET Function and I looked online to learn it and now i kind of see how it works but when i tried to make a script that deletes a file that is typed into a form it comes up with a error can you please find out whats wrong so i know for next time i try to use the $_GET function

Here is my scripts

 

index.html

<form action="delete-the-file.php" method="get">
File to delete: <input type="text" name="filename" />
<input type="submit" />
</form>

 

delete-the-file.php

<?php
   if (unlink($_GET["filename"])) {
      print "Deleted $_GET["filename"]!\n";
   } else {
      print "Delete of $_GET["filename"] failed!\n";
   }
?>

 

But it comes up with this error??

Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\xampp\htdocs\filedeleteform\delete-the-file.php on line 3

[trq]

<?php
   if (unlink($_GET["filename"])) {
      print "Deleted {$_GET['filename']}!\n";
   } else {
      print "Delete of {$_GET['filename']} failed!\n";
   }
?>

[winmastergames]

Thanks such a simple problem

[trq]

You do realise your code is extremely insecure and could enable people to remove your entire website? Maybe even your entire server?

[winmastergames]

How will i be able to make it secure then?

[trq]

You'll probably only want files within a certain directory to be able to be removed. eg;

 

<?php
   if (unlink('public/' . $_GET["filename"])) {
      print "Deleted {$_GET['filename']}!\n";
   } else {
      print "Delete of {$_GET['filename']} failed!\n";
   }
?>