Thread: PHP mySQL help please folks
View Single Post
  #3 (permalink)  
Old 04-08-10, 05:00 PM
wirehopper's Avatar
wirehopper wirehopper is offline
-
  
Join Date: Feb 2006
Posts: 2,515
Thanks: 20
Thanked 109 Times in 106 Posts
Quote:
The image file it self is stored in a file ../user_image/username/file.ext and the file name with user id and image id is stored in the mySQL e.g.

id = 2
uid = 1
filename = file.ext
unlink('../user_image/'.$username.'/'.$filename);

DELETE FROM `table` WHERE `id`=$_GET['id'] AND `uid`=$_GET['uid'];

PHP: unlink - Manual
MySQL :: MySQL 5.5 Reference Manual :: 12.2.2 DELETE Syntax

echo '<a href="delete.php?id='.$row['id'].'&uid='.$row['uid'].'>Delete</a>';

This isn't a secure approach, you must validate that id and uid are all numeric, to avoid SQL injection.

if (is_numeric($_GET['id']) && is_numeric($_GET['uid']))

can be used to test if the input is made up of numbers.

PHP: is_numeric - Manual
Reply With Quote