PHP & MySQL delete image link problem
Question
I'm trying to create a delete image link if the image is present and when the user clicks the delete image link it should delete the image. But for some reason this is not working can someone help me fix the delete image link problem? Thanks!
Here is the PHP code.
if (isset($_POST['delete_image'])) {
$img_dir = "../members/" . $user_id . "/images/thumbs/";
$img_thmb = "../members/" . $user_id . "/images/";
$image_name = $row['image'];
if(file_exists($img_dir . $image_name)){
if(unlink($img_dir.$image_name) && unlink($img_thmb.$image_name)){
$mysqli = mysqli_connect("localhost", "root", "", "sitename");
$dbc = mysqli_query($mysqli, "DELETE FROM users* WHERE image_id = '.$image_id.' AND user_id = '$user_id'");
}else{
echo '<p class="error">Sorry unable to delete image file!</p>';
}
}
}
if(isset($_POST['image']) || !empty($image)) {
echo '<a href="'. $_POST['delete_image'] .'">Delete Image</a>';
}
2 answers
solution1
0 2010-04-16 20:51:44
"DELETE FROM users* WHERE image_id = '.$image_id.' AND user_id = '$user_id'"
should be
"DELETE FROM users WHERE image_id = $image_id AND user_id = $user_id"
This is assuming $image_id and $user_id are both integers. If they're strings, put the single quotes around them.
Also, double check your link:
<a href="'. $_POST['delete_image'] .'">Delete Image</a>
Is the user really passing in the link via POST?
Your code is vulnerable to SQL injection attacks. Please consider using parametrized queries.
solution2
0 2010-04-19 12:19:48
"DELETE FROM users WHERE image_id = $image_id AND user_id = $user_id"
And also
$path = "Your Image folder Path"; $image_name = "Your Image Name";
unlink($path."$image_name);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.