PHP mySQL help please folks

blackhawkso · #1 (**permalink**) 04-08-10, 03:03 PM

Hey folks

I've got an image hosting site and i want to give people the option to delete an image they have uploaded by just clicking an X next to the image.

The image file it self is stored in a file ../user_image/username/file.ext and the file name with user id and image id is stored in the mySQL e.g.

id = 2
uid = 1
filename = file.ext

Please help

blackhawkso · #2 (**permalink**) 04-08-10, 04:13 PM

Just thought it might be helpful if i showed you my php for the view page where i would be putting the option to delete files

PHP Code:


			
<?php

include('../session/session.php');

if (!$_SESSION["valid_id"])
{
    Header("Location: ../login/");
} else {

include('../config/config.php');


$con = mysql_connect($host,$dbuser,$dbpass);
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }
      mysql_select_db ("DB_NAME");
     
     $location = '../user_image/' .$username. '/';
     
echo'
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>FREESIGHOSTING.NET // ' .$username. ' IMAGES</title>
<link rel="icon" href="../design/logo.jpg" />
<link rel="shortcut icon" href="../design/logo.jpg" />
<style type="text/css">
<!--
#main_text {
    font-family: Arial, Helvetica, sans-serif;
    font-size: 24px;
    text-align: center;
}
#copyright {
    text-align: center;
    color: #CCC;
    font-family: Arial, Helvetica, sans-serif;
    font-size: 10px;
}
#leftside {
    text-align: center;
    font-size: medium;
    color: #FFF;
}
#rightside {
    text-align: center;
    font-size: medium;
    color: #FFF;
}
#leftside #leftside {
    font-family: Arial, Helvetica, sans-serif;
}
#rightside #rightside {
    font-family: Arial, Helvetica, sans-serif;
}
#tumb {
    max-width: 200px;
    max-height: 200px;
    width; expression(this.width > 200 ? "200px" : true);
    height; expression(this.height > 200 ? "200px" : true);
    border-style; none;
}
-->
</style>
</head>

<body bgcolor="#000000">
<center>
  <table width="800" border="0">
    <tr>
      <td><img src="http://www.hotscripts.com/forums/design/logo.jpg" width="800" height="200" alt="FREESIGHOSTING.NET LOGO" /></td>
    </tr>
    <tr>
      <td height="5"></td>
    </tr>
    <tr>
      <td><center><br /><font color="#CCCCCC" size="14px" id="main_text">Welcome to freesighosting.net</font>
      
        <br />
        <br /></center>
        <table width="100%" border="0">
          <tr>
            <td colspan="2"><center><font color="#ffffff" face="Arial, Helvetica, sans-serif"><strong>' .$username. ' Images</strong></font></center></td>
          </tr>
          <tr>
          <td align="center" id="leftside"><br /><a href="http://www.hotscripts.com/forums/member/member_cp.php"><font face="Arial" color="#FFFFFF">Go back to members area</font></a><br /><br /></td>
          <td align="center" id="rightside"><br /><a href="http://www.hotscripts.com/forums/upload/index.html"><font face="Arial" color="#FFFFFF">Upload new sig</font></a><br /><br /></td>
          </tr>';
          
          $images = mysql_query("SELECT * FROM images WHERE uid='$id'");
          
          while ($row = mysql_fetch_assoc($images))
          {
            echo '<tr>
            <td width="50%" align="center"><a href="' .$location.$row['filename']. '" target="_blank" border="0"><img src="' .$location.$row['filename']. '" id="tumb" border="0"></a><br /><br /></td>
            <td width="50%" align="center"><input name="" type="text" value="http://www.freesighosting.info/user_image/' .$username. '/' .$row['filename']. '" readonly="true" size="87" maxlength="85" onClick=select()><br /><br /></td>
          </tr>';
          }
          echo'
          
        </table>
<br /><br /></td>
    </tr>
    <tr>
      <td height="5"></td>
    </tr>
    <tr>
      <td id="copyright">&copy;2010 FREESIGHOSTING.NET</td>
    </tr>
  </table>

</center>
</body>
</html>

';
}
mysql_close($con);
?>

wirehopper · #3 (**permalink**) 04-08-10, 06:00 PM

Quote:

The image file it self is stored in a file ../user_image/username/file.ext and the file name with user id and image id is stored in the mySQL e.g.

id = 2
uid = 1
filename = file.ext

unlink('../user_image/'.$username.'/'.$filename);

DELETE FROM `table` WHERE `id`=$_GET['id'] AND `uid`=$_GET['uid'];

PHP: unlink - Manual
MySQL :: MySQL 5.5 Reference Manual :: 12.2.2 DELETE Syntax

echo '<a href="delete.php?id='.$row['id'].'&uid='.$row['uid'].'>Delete</a>';

This isn't a secure approach, you must validate that id and uid are all numeric, to avoid SQL injection.

if (is_numeric($_GET['id']) && is_numeric($_GET['uid']))

can be used to test if the input is made up of numbers.

PHP: is_numeric - Manual