Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New Coder
    Join Date
    Jul 2008
    Location
    MD, USA
    Posts
    65
    Thanks
    16
    Thanked 0 Times in 0 Posts

    PHP inline upload - needs a delete option

    I found a PHP script that allows a user to upload a file to the site's server, and then displays a link to whatever file was uploaded.

    What I want to do now is give the user the option to delete whatever file he uploaded. Here's my code:

    upload.php:

    Code:
    <?php $target = "uploads/"; $target = $target . basename( $_FILES['uploaded']['name']) ; $ok=1; if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded" . "<p>&nbsp;</p>" . "<a href=\"http://www.site.net/directory/\">Click here to go back to the page!</a>" ; } else { echo "There was an error uploading this."; } ?>
    Code that displays the links (sorry, I've commented out part of the table that holds info on file size, I didn't need it):

    Code:
    <?php
    
    $path = "/home/site/site.net/directory/uploads"; //Only difference with the XP version
    
    $itemsNo = 0;
    
    $DirHandler = opendir($path) or die("Unauthorize Access");
    
    print("<td width =\"550px\" ><div align=\"center\">");
    
    print("<table border=1 cellpadding=5 cellspacing=0 class=whitelinks style=\"border: 1px solid #ffffff\" >");
    
    print("<tr bgcolor=\"#ffffff\"><th>item no.</th><th>file</th></tr>");
    
    while ($file = readdir($DirHandler)) {
    
    if  (($file !="index.php") && (substr("$file", 0, 1) != ".")) {
    
    $itemNo++;
    
    $ModelNo = substr("$file",0,strlen($file) - 4);
    
    print("<tr><td align=\"center\">$itemNo</td>");
    
    print("<td><b><a href=\"uploads/$file\">$ModelNo</a></b></td>");
    
    //print("<td>");
    
    // $dispsize = filesize($file);
    
    //$UnitSize = " Bytes";
    
    //if ($dispSize >= 1000000) {
    
    //$dispsize = $dispsize/1000000;
    
    //$UnitSize = " MB";
    
    }
    
    //if ($dispSize >= 1000) {
    
    //$dispsize = $dispsize/1000;
    
    //$UnitSize = " KB";
    
    //}
    
    //print($dispSize);
    
    //print($UnitSize);
    
    //print("</td></TR>");
    
    // }
    
    //print("</div></td>");
    
    }
    
    closedir($DirHandler);
    
    ?>

    Is there a space in these scripts to add a delete button? Any resources anyone could point me toward to help? I'm new to PHP and have searched but without any luck, so I thought I'd post here. Thanks in advance for any help!

  • #2
    Master Coder mlseim's Avatar
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,381
    Thanks
    8
    Thanked 1,075 Times in 1,066 Posts
    Add a delete link .... so that the link URL contains the row number (or unique ID of the row you wish to delete).

    Like this:

    <a hef='delete.php?id=23'>Delete this item</a>

    Now, you have a PHP script called 'delete.php' ...
    in that, you grab the id and do the actual delete from the database then redirect back.

    This would be "delete.php" ...
    PHP Code:
    <?php

    // get URL variable
    $id=$_GET['id'];

    // sanitize  ... make sure it's only a numeric value (id number) ...
    if ($id && !is_numeric($id)){
      exit;
    }
    $id mysql_real_escape_string($id);

    // query the database, so you can grab a filename that is stored there ... for deletion.
    // I have no idea what your table is called, or variables ... as you refused to tell us that.
    $query "SELECT filename FROM yourtable WHERE yourid=$id";
    $result mysql_query($query) or die( "An error has ocured: " .mysql_error (). ":" .mysql_errno ());  
    while (
    $row mysql_fetch_assoc($result)) {
    $file=$row['filename'];
    }

    // you can now delete a file, like an image or PDF, etc.
    $path="images/";
    $delfile "../$path/$file";
    if (
    file_exists($delfile)) {
    unlink($delfile);
    }

    // do the actual delete of the row from the database ... 
    // my example doesn't have the correct table or column names.
    $query "DELETE FROM yourtable WHERE yourid=$id";
    $result mysql_query($query) or die( "An error has ocured: " .mysql_error (). ":" .mysql_errno ());  

    // redirect back to the previous page
    header ("location: index.php");

    ?>
    Last edited by mlseim; 10-11-2010 at 01:51 AM.

  • #3
    New Coder
    Join Date
    Jul 2008
    Location
    MD, USA
    Posts
    65
    Thanks
    16
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by mlseim View Post
    Add a delete link .... so that the link URL contains the row number (or unique ID of the row you wish to delete).

    Like this:

    <a hef='delete.php?id=23'>Delete this item</a>

    Now, you have a PHP script called 'delete.php' ...
    in that, you grab the id and do the actual delete from the database then redirect back.

    This would be "delete.php" ...
    PHP Code:
    <?php

    // get URL variable
    $id=$_GET['id'];

    // sanitize  ... make sure it's only a numeric value (id number) ...
    if ($id && !is_numeric($id)){
      exit;
    }
    $id mysql_real_escape_string($id);

    // query the database, so you can grab a filename that is stored there ... for deletion.
    // I have no idea what your table is called, or variables ... as you refused to tell us that.
    $query "SELECT filename FROM yourtable WHERE yourid=$id";
    $result mysql_query($query) or die( "An error has ocured: " .mysql_error (). ":" .mysql_errno ());  
    while (
    $row mysql_fetch_assoc($result)) {
    $file=$row['filename'];
    }

    // you can now delete a file, like an image or PDF, etc.
    $path="images/";
    $delfile "../$path/$file";
    if (
    file_exists($delfile)) {
    unlink($delfile);
    }

    // do the actual delete of the row from the database ... 
    // my example doesn't have the correct table or column names.
    $query "DELETE FROM yourtable WHERE yourid=$id";
    $result mysql_query($query) or die( "An error has ocured: " .mysql_error (). ":" .mysql_errno ());  

    // redirect back to the previous page
    header ("location: index.php");

    ?>
    Thank you so much for your help. I'm eager to try out this script but obviously it needs some configuration. Being new to PHP, I didn't realize I was leaving out pertinent info... you said "I have no idea what your table is called, or variables"... at the risk of sounding completely ignorant, by table to you mean my database name? Er... ? If you give me a hint as to where to find the table and variable names, I will print them here. Thanks!!

  • #4
    Master Coder mlseim's Avatar
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,381
    Thanks
    8
    Thanked 1,075 Times in 1,066 Posts
    MySQL table names and column names.
    You'll have to put in the real names of what you have, not the ones in my example.

    It's really important to control (sanitize, validate, whatever you want to call it),
    every variable that is used within a MySQL query. Don't let users have the ability
    to enter things without controlling what they enter.

  • #5
    Senior Coder Rowsdower!'s Avatar
    Join Date
    Oct 2008
    Location
    Some say it's everything.
    Posts
    2,027
    Thanks
    5
    Thanked 397 Times in 390 Posts
    Just a thought, but it might be wise to have a random code generated when each file is first added - and add that code to the database entry for that file. Then, when deleting files via a link have the link send two variables (the item id and the code stored in the database) and only delete the target file if the two variables match what is in your database. Otherwise people could just try id's at random to delete other people's files.
    The object of opening the mind, as of opening the mouth, is to shut it again on something solid. G.K. Chesterton
    See Mediocrity in its Infancy
    It's usually a good idea to start out with this at the VERY TOP of your CSS: * {border:0;margin:0;padding:0;}
    Seek and you shall find... basically:
    validate your markup | view your page cross-browser/cross-platform | free web tutorials | free hosting

  • #6
    Master Coder mlseim's Avatar
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,381
    Thanks
    8
    Thanked 1,075 Times in 1,066 Posts
    Good point about the delete part.
    A random number, or "key" type of thing would be good to have.


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •