Jump to content

upload works but can not delete file due to spaces.. i think

jasonc

By jasonc
in PHP Coding Help

Recommended Posts

jasonc Advanced Member

jasonc

Posted
Posted

the following code for some reason puts a _ in place of the .

 

the files in the directory are named ok, file1.jpg file2.jpg and so on.

 

the source code prior to clicking the delete button shows all the files correctly formed.

 

the uploaddir is also correct. just the . being changed to a _

 

why would that be?

 

this is my upload and delete file.

 

 

<?

$uploaddir = "/home/mysite/public_html/images";

include("dbconfigfile.php");

if ($_POST['d'] == "1") {

foreach($_POST as $key => $val) {

if ($key != "*.*" && $key != "*" && $key != "d") {

// delete file name only from images-filename, but... if the imagelocation is empty then delete the whole entry line from DB.

//delete file from folder if exists !

unlink($uploaddir . $key);

echo($uploaddir . $key."<br><br><br><br>");

echo($key.' Deleted<br>');

mysql_query("DELETE FROM `images` WHERE `filename` ='" . $key . "' LIMIT 1;") or die(mysql_error());

}

}

echo("files are not really deleted yet, still working on it.");

} else {

?><p align="center">Please note that if you upload a file with the same name as another file you have uploaded, this new file will over write the old file.</p><p align="center">Your Existig Files...</p><p align="center">

<? $dh = opendir($uploaddir);

?><form name="form1" method="post" action=""><input name="d" type="hidden" value="1"><?

while (false !== ($filename = readdir($dh))) {

$ext = getFileExtension($filename);

if(in_array($ext, $allowed)) {

?><input type="submit" name="<?=$filename;?>" value="DELETE"> <?=$filename;?><br><?

}

}

?></form></p>

<form action="" method="POST" enctype="multipart/form-data">

<table width="444" height="218" border="1" align="center">

<tr align="center">

<td height="152" colspan="2">

<? if(isset($_REQUEST['submit']) && $_FILES['imgfile']['name'] != "") {

$file = $_FILES['imgfile']['name']; $tmp_file = $_FILES['imgfile']['tmp_name']; $size = $_FILES['imgfile']['size'];

$upload = $uploaddir . $file; $ext = getFileExtension($file);

if(!in_array($ext, $allowed)) { echo "ERROR: Invalid file extension.";

} elseif (move_uploaded_file($tmp_file, $upload)) {

// set info about image in mysql

$update = mysql_query("INSERT INTO `images` (`imagelocation` , `filename`, `uploadedby`) VALUES ('', '" . $file . "', '" . $_SESSION['adminusername'] . "')") or die(mysql_error());

echo $file."<br>Upload successfully!<br>";

} else { echo "Image upload failed.";

}

} else { echo("No file uploaded");

} ?>

</td>

</tr>

<tr><td height="28" colspan="2"><div align="right"><input type="file" name="imgfile"><input type="hidden" name="MAX_FILE_SIZE" value="20000"></div></td></tr>

<tr><td width="372" height="28"><p>.doc .gif .jpg .wma .mp3 .pdf .ppt .pub .rtf .txt .zip      only</p></td><td width="56"><input name="submit" type="submit" value="Upload"></td></tr>

</table>

</form>

<? }

} ?>

jasonc Advanced Member

jasonc

Posted
  • Author
Posted

thanks

 

i have taken a look at php.net/mysql_real_escape_string

 

not real sure what i am doing in this case using mysql_real_escape_string

 

i have data posted and just placed straight into the database seems this is not the way to do it?

 

if i am right i have to use this to place the data in and again use it to verify that the data in the database is the same as what i am looking for?

 

 

INSERT INTO `stuff` (`field1`, `field2`) VALUES ('mysql_real_escape_string($data1)', 'mysql_real_escape_string($data2));

 

then

 

SELECT * from `stuff` WHERE `field1` = 'mysql_real_escape_string($data1)');

 

 

?

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.