
PHP delete image related to post ID

Okay, so I have an ajax request that leads to a file called inc/ajax/del_images.php which deletes the image a user selected to delete.

Edit_post.php:


    <form class="form-control" action="" autocomplete="off" method="post" enctype="multipart/form-data">
    
    <img id="img" src="some url from database">
    <button id="delete-img" data-id="W12kwd2">Delete img</button>
    <img id="img" src="some url from database">
    <button id="delete-img" data-id="T93pm3P">Delete img</button>
    </form>

data-id is the id of the img in the database table. Also, the images and buttons are generated from PHP, which I didn't include as it adds no value to the post.

Ajax on edit_post:

    $("#delete-img").on('click', function() {
        $.ajax({
            url: 'inc/ajax/del_images.php',
            type: "POST",
            data: {
                // id of the image row, read from the clicked button
                img_id: $(this).attr("data-id")
            },
            cache: false,
            success: function(result) {
                console.log(result);
            }
        });
    });

Then in del_images.php:


    <?php
    session_start();

    if (isset($_POST['img_id'])) {
        // image id
        $iid = $_POST['img_id'];

        // let's check if this image id is valid/in the database
        require("conn_user.php");
        $stmt = $conn->prepare("SELECT * FROM `images` WHERE `ID` = ?");
        $stmt->bind_param("s", $iid);
        $stmt->execute();
        $stmt_results = $stmt->get_result(); // get result
        $row_get = $stmt_results->fetch_assoc();

        if ($stmt_results->num_rows > 0) {
            // img with the id was found
            // now check if the current user is the owner of post with post[ID] related to the image[ID]

            $stmt = $conn->prepare("SELECT * FROM `posts` WHERE `ID` = ?");
            $stmt->bind_param("s", $row_get['post_id']);
            $stmt->execute();
            $stmt_results = $stmt->get_result(); // get result
            $row_get_post = $stmt_results->fetch_assoc();

            if ($stmt_results->num_rows > 0) {
                // post was found, let's check $_SESSION against poster id (in DB)

                if ($_SESSION['uid'] == $row_get_post['poster_id']) {
                    // this means the current user is the owner of the post as well as the image
                    // now delete the image cuz the user is the owner which means it's safe

                    $stmt = $conn->prepare("DELETE FROM `images` WHERE ID = ?");
                    $stmt->bind_param("s", $iid);
                    $stmt->execute();

                    // affected_rows is read from the statement itself
                    if ($stmt->affected_rows == 1) {
                        // image was deleted, return info to the page
                        print_r('image deleted!');
                    } else {
                        print_r('image could not be deleted!');
                    }

                } else {
                    // id didn't match, probably a hacker, so force kick and admin review
                    // code removed for this post
                }

            } else {
                // post not found, this will never happen but if it does just add error output
            }

        } else {
            // img not found, please tell the user
            // this code was removed for simplicity of the post
        }

    }


MY DATABASES:

images table

| ID | post_ID | url |
| :--------:| :--------:|:--------:|
| W12kwd2 | 1 | mNDNJD3324kmWD382n3r.png |
| T93pm3P | 1 | In3u2n329dnjJDEJKDde.jpg |
| Wo90dmp | 2 | JNMduwio3232ndsakdew.jpeg|

posts table

| ID | post_title | poster_id |
| :--------: | :--------: |:--------: |
| 1| What a title | 1 |
| 2| Can you code?| 1|
| 3| Ajax, why and how | 4 |

MY ISSUE:

The issue

So another user can't delete another user's image cuz I am checking that they are the owner of the post to which the image is related. But let's say the user is busy editing post 1: the edit post URL will look like this: edit_post?post_id=1, which is fine, but the user can, in the button's data-id, insert the id of images related to post ID 2 and delete them, cuz he is the owner of post ID 2 as well (you can see it from the db example). Now, at first I thought, let's just get the id from the URL, but any idiot who knows how frontend works will be able to check the JS and just insert the value they want for the URL id=. So how can I limit this so that a user can only delete the images of the post that they are currently editing, without having to work with a frontend-supplied id?

I thought maybe to use a $_SESSION['current_edit'] = "current id of post which they clicked edit on", but the issue is: what if they have multiple tabs cuz they are editing more than one post? I know I need to work with some type of supplied id, but how can I lock it down so that users can't delete images of other posts they own while editing another post?

FOOTER NOTE* If I need to supply more info and edit the post to be more clear or more specific, please tell me and I will do it, as I know StackOverflow is a clean and well maintained site ~ Have a great day :)

delete image from folder PHP

This post may help you.

What you need to do.

  • Query the id from the database with ajax.
  • Then fetch the url column.
  • Delete the file by unlinking the url line you called to whatever your file system is.

That's all the process.
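An added example, not part of the original question or answer: one way to limit deletion to the post whose edit page sent the request, which also works with several tabs open, and then unlink the file as the answer describes. It assumes PDO with an in-memory SQLite database in place of the question's mysqli connection; the function names, the secret key and the upload directory are hypothetical.

```php
<?php
// Added example: bind each delete request to the post whose edit page issued it.
// Assumptions: PDO/SQLite stands in for the question's mysqli connection; function
// names, the secret key and the upload directory are hypothetical.

// Issued when edit_post?post_id=N is rendered; sent back with every delete request.
function edit_token(string $key, int $uid, string $postId): string {
    return hash_hmac('sha256', $uid . '|' . $postId, $key);
}

// Deletes only if the token matches (uid, postId), the image belongs to that post
// and the post belongs to the user. Returns true when a row was deleted.
function delete_image(PDO $db, string $key, int $uid, string $postId,
                      string $token, string $imgId, string $dir): bool {
    if (!hash_equals(edit_token($key, $uid, $postId), $token)) {
        return false;                      // post id was not issued to this user
    }
    $q = $db->prepare('SELECT i.url FROM images i JOIN posts p ON p.ID = i.post_ID
                       WHERE i.ID = ? AND i.post_ID = ? AND p.poster_id = ?');
    $q->execute([$imgId, $postId, $uid]);
    $url = $q->fetchColumn();
    if ($url === false) {
        return false;                      // other post, other owner, or unknown image
    }
    $del = $db->prepare('DELETE FROM images WHERE ID = ? AND post_ID = ?');
    $del->execute([$imgId, $postId]);
    if ($del->rowCount() !== 1) {
        return false;
    }
    $file = $dir . '/' . basename($url);   // basename() keeps the path inside $dir
    if (is_file($file)) {
        unlink($file);
    }
    return true;
}

// Constructed sample data mirroring the tables in the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (ID TEXT, post_title TEXT, poster_id INTEGER);
           CREATE TABLE images (ID TEXT, post_ID TEXT, url TEXT);
           INSERT INTO posts VALUES ('1','What a title',1),('2','Can you code?',1);
           INSERT INTO images VALUES ('W12kwd2','1','a.png'),('Wo90dmp','2','b.jpeg');");

$key  = random_bytes(32);                  // would be kept in the user's session
$tok1 = edit_token($key, 1, '1');          // token embedded in the edit page of post 1
$tmp  = sys_get_temp_dir();
var_dump(delete_image($db, $key, 1, '1', $tok1, 'Wo90dmp', $tmp)); // data-id swapped to post 2's image
var_dump(delete_image($db, $key, 1, '1', $tok1, 'W12kwd2', $tmp)); // image that belongs to post 1
```

Each tab carries its own post id and token, so nothing about the post being edited has to be stored in a single session variable.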
