[SOLVED] File Deletion

[mcmuney]

This code below is taking an id and deleting the DB row associated. What I'd like to do before this happens is to pull the data in that row and first delete the file, then delete the record. How can that be achieved?

 

$id = addslashes(trim($_GET['id']));

if ($id != "") {
$id2 = $_GET['id'];
$sql2 = mysql_query("DELETE FROM images WHERE id = '$id2'");
}

[interpim]

Im not seeing what type of file you are referring to... Is the db referring to a directory with files in it?

[mcmuney]

The DB has the folder the file is located in. The filename is the row id + .jpg.

[interpim]

run your query to retrieve the row in your database, assign the path of the file to a variable then unlink($file);

after that you can delete the row from your database

[cooldude832]

that is a very poor query first off because its only verifying that the item is okay to delete, not who initalizied the delete (like is it the right user?) So try something more like

<?php
$id = addslashes(trim($_GET['id']));
$userid = ""; #Supply a user name or some thing else important!
$q = "Select filename as filename, folder as folder, `id` as imgid from `images` where `id` = '".$id."' and OwnerID = '".$userid."'";
$r = mysql_query($q) or die(mysql_error()."<Br /><br />".$q);
if(mysql_num_rows($q) >0){
$row = mysql_fetch_assoc($r);
   $path = $row['folder']."/".$row['filename'];
    if(unlink($path)){
             $q = "Delete from `images` where `id` = '".$row['imgid']."'";
              $r = mysql_query($r) or die(mysql_error()."<br /><br />".$q);
              //we are done
     }
     else{
            //Invalid image path
     }
}
else{
     //Invalid ID and or UserID
}
?>

 

 

That is a much safe version just update the fields (userid, folder, file) and the userid original value.

[mcmuney]

Thanks. That solved it. It's not checking for users, because another portion of the code displays delete options based on IP address. This is another issue since it should be driven by cookie and not IP.

[cooldude832]

Thanks. That solved it. It's not checking for users, because another portion of the code displays delete options based on IP address. This is another issue since it should be driven by cookie and not IP.

 

Your wrong both ways you should drive it by who uploaded the image or who has the permission to delete it, cause you are using get anyone could mark in and theoretically delete an image, I can make your server think my IP is anything I want it to.

[mcmuney]

Hmm, that's interesting. I didn't know you can do that. Anyhow, I'm working to change to using cookies instead. I can't use users it's a free image hosting site without registration. I suppose cookies would be the best way to go?

[mcmuney]

Hey, now I'm try to delete a directory, but I get, "Directory not empty" error. How can I delete the directory and it's content? I'm using this code:

 

rmdir($paththumbs);