mcmuney Posted January 16, 2008 Share Posted January 16, 2008 This code below is taking an id and deleting the DB row associated. What I'd like to do before this happens is to pull the data in that row and first delete the file, then delete the record. How can that be achieved? $id = addslashes(trim($_GET['id'])); if ($id != "") { $id2 = $_GET['id']; $sql2 = mysql_query("DELETE FROM images WHERE id = '$id2'"); } Quote Link to comment Share on other sites More sharing options...
interpim Posted January 16, 2008 Share Posted January 16, 2008 Im not seeing what type of file you are referring to... Is the db referring to a directory with files in it? Quote Link to comment Share on other sites More sharing options...
mcmuney Posted January 16, 2008 Author Share Posted January 16, 2008 The DB has the folder the file is located in. The filename is the row id + .jpg. Quote Link to comment Share on other sites More sharing options...
interpim Posted January 16, 2008 Share Posted January 16, 2008 run your query to retrieve the row in your database, assign the path of the file to a variable then unlink($file); after that you can delete the row from your database Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted January 16, 2008 Share Posted January 16, 2008 that is a very poor query first off because its only verifying that the item is okay to delete, not who initalizied the delete (like is it the right user?) So try something more like <?php $id = addslashes(trim($_GET['id'])); $userid = ""; #Supply a user name or some thing else important! $q = "Select filename as filename, folder as folder, `id` as imgid from `images` where `id` = '".$id."' and OwnerID = '".$userid."'"; $r = mysql_query($q) or die(mysql_error()."<Br /><br />".$q); if(mysql_num_rows($q) >0){ $row = mysql_fetch_assoc($r); $path = $row['folder']."/".$row['filename']; if(unlink($path)){ $q = "Delete from `images` where `id` = '".$row['imgid']."'"; $r = mysql_query($r) or die(mysql_error()."<br /><br />".$q); //we are done } else{ //Invalid image path } } else{ //Invalid ID and or UserID } ?> That is a much safe version just update the fields (userid, folder, file) and the userid original value. Quote Link to comment Share on other sites More sharing options...
mcmuney Posted January 16, 2008 Author Share Posted January 16, 2008 Thanks. That solved it. It's not checking for users, because another portion of the code displays delete options based on IP address. This is another issue since it should be driven by cookie and not IP. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted January 16, 2008 Share Posted January 16, 2008 Thanks. That solved it. It's not checking for users, because another portion of the code displays delete options based on IP address. This is another issue since it should be driven by cookie and not IP. Your wrong both ways you should drive it by who uploaded the image or who has the permission to delete it, cause you are using get anyone could mark in and theoretically delete an image, I can make your server think my IP is anything I want it to. Quote Link to comment Share on other sites More sharing options...
mcmuney Posted January 16, 2008 Author Share Posted January 16, 2008 Hmm, that's interesting. I didn't know you can do that. Anyhow, I'm working to change to using cookies instead. I can't use users it's a free image hosting site without registration. I suppose cookies would be the best way to go? Quote Link to comment Share on other sites More sharing options...
mcmuney Posted January 16, 2008 Author Share Posted January 16, 2008 Hey, now I'm try to delete a directory, but I get, "Directory not empty" error. How can I delete the directory and it's content? I'm using this code: rmdir($paththumbs); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.