I found a PHP script that allows a user to upload a file to the site's server, and then displays a link to whatever file was uploaded.
What I want to do now is give the user the option to delete whatever file he uploaded. Here's my code:
upload.php:
Code:
<?php $target = "uploads/"; $target = $target . basename( $_FILES['uploaded']['name']) ; $ok=1; if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded" . "<p> </p>" . "<a href=\"http://www.site.net/directory/\">Click here to go back to the page!</a>" ; } else { echo "There was an error uploading this."; } ?>
Code that displays the links (sorry, I've commented out part of the table that holds info on file size, I didn't need it):
Is there a space in these scripts to add a delete button? Any resources anyone could point me toward to help? I'm new to PHP and have searched but without any luck, so I thought I'd post here. Thanks in advance for any help!
Add a delete link .... so that the link URL contains the row number (or unique ID of the row you wish to delete).
Like this:
<a hef='delete.php?id=23'>Delete this item</a>
Now, you have a PHP script called 'delete.php' ...
in that, you grab the id and do the actual delete from the database then redirect back.
This would be "delete.php" ...
PHP Code:
<?php
// get URL variable
$id=$_GET['id'];
// sanitize ... make sure it's only a numeric value (id number) ...
if ($id && !is_numeric($id)){
exit;
}
$id = mysql_real_escape_string($id);
// query the database, so you can grab a filename that is stored there ... for deletion.
// I have no idea what your table is called, or variables ... as you refused to tell us that.
$query = "SELECT filename FROM yourtable WHERE yourid=$id";
$result = mysql_query($query) or die( "An error has ocured: " .mysql_error (). ":" .mysql_errno ());
while ($row = mysql_fetch_assoc($result)) {
$file=$row['filename'];
}
// you can now delete a file, like an image or PDF, etc.
$path="images/";
$delfile = "../$path/$file";
if (file_exists($delfile)) {
unlink($delfile);
}
// do the actual delete of the row from the database ...
// my example doesn't have the correct table or column names.
$query = "DELETE FROM yourtable WHERE yourid=$id";
$result = mysql_query($query) or die( "An error has ocured: " .mysql_error (). ":" .mysql_errno ());
// redirect back to the previous page
header ("location: index.php");
Add a delete link .... so that the link URL contains the row number (or unique ID of the row you wish to delete).
Like this:
<a hef='delete.php?id=23'>Delete this item</a>
Now, you have a PHP script called 'delete.php' ...
in that, you grab the id and do the actual delete from the database then redirect back.
This would be "delete.php" ...
PHP Code:
<?php
// get URL variable
$id=$_GET['id'];
// sanitize ... make sure it's only a numeric value (id number) ...
if ($id && !is_numeric($id)){
exit;
}
$id = mysql_real_escape_string($id);
// query the database, so you can grab a filename that is stored there ... for deletion.
// I have no idea what your table is called, or variables ... as you refused to tell us that.
$query = "SELECT filename FROM yourtable WHERE yourid=$id";
$result = mysql_query($query) or die( "An error has ocured: " .mysql_error (). ":" .mysql_errno ());
while ($row = mysql_fetch_assoc($result)) {
$file=$row['filename'];
}
// you can now delete a file, like an image or PDF, etc.
$path="images/";
$delfile = "../$path/$file";
if (file_exists($delfile)) {
unlink($delfile);
}
// do the actual delete of the row from the database ...
// my example doesn't have the correct table or column names.
$query = "DELETE FROM yourtable WHERE yourid=$id";
$result = mysql_query($query) or die( "An error has ocured: " .mysql_error (). ":" .mysql_errno ());
// redirect back to the previous page
header ("location: index.php");
?>
Thank you so much for your help. I'm eager to try out this script but obviously it needs some configuration. Being new to PHP, I didn't realize I was leaving out pertinent info... you said "I have no idea what your table is called, or variables"... at the risk of sounding completely ignorant, by table to you mean my database name? Er... ? If you give me a hint as to where to find the table and variable names, I will print them here. Thanks!!
MySQL table names and column names.
You'll have to put in the real names of what you have, not the ones in my example.
It's really important to control (sanitize, validate, whatever you want to call it),
every variable that is used within a MySQL query. Don't let users have the ability
to enter things without controlling what they enter.
Just a thought, but it might be wise to have a random code generated when each file is first added - and add that code to the database entry for that file. Then, when deleting files via a link have the link send two variables (the item id and the code stored in the database) and only delete the target file if the two variables match what is in your database. Otherwise people could just try id's at random to delete other people's files.
Before you post, read our: 
