开发者

Warning: unlink(/web/htdocs/www.vhannibal.net/home/setting/): Is a directory in [...]

开发者 https://www.devze.com 2023-02-20 16:49 出处:网络
require(\"$_SERVER[DO开发者_如何学GoCUMENT_ROOT]mysql.php\"); $id = $_GET[\"id\"]; $result = mysql_query(\"SELECT * FROM Setting WHERE ID = \\\"$id\\\"\");
require("$_SERVER[DO开发者_如何学GoCUMENT_ROOT]mysql.php");
$id = $_GET["id"];
$result = mysql_query("SELECT * FROM Setting WHERE ID = \"$id\"");
$row = mysql_fetch_array($result);
switch ($_GET["action"])
{
    case "update":
    if (!unlink("$_SERVER[DOCUMENT_ROOT]setting/$row[Filename]"))
    {
        echo "Non è stato possibile cancellare il vecchio file.";
        header("Refresh: 2.5; url=index.php");
        exit();
    }

The error is "Warning: unlink(/web/htdocs/www.vhannibal.net/home/setting/): Is a directory in [...] on line 43", line 43 is

if (!unlink("$_SERVER[DOCUMENT_ROOT]setting/$row[Filename]"))

What's wrong with it?


First off, you should consider going back to basics and reading up on input validation.

Ignoring the glaring mysql injection issue, unlink() can only be called on files. In your code here, you don't check whether $row['Filename'] is a file or not before deleting it.

The least you could do is check whether the file exists

if (is_file("$_SERVER[DOCUMENT_ROOT]setting/{$row['Filename']}")) {
  //delete code
}


$row[Filename] is not having any data in it or its empty string.


As there is still no right answer I have to write it myself.

As Gaurav pointed it out, you are not checking if mysql query returned any data
thus, your code should be (however, I'd write strings more usual way):

require($_SERVER['DOCUMENT_ROOT']."/mysql.php");
$sql = "SELECT * FROM Setting WHERE ID = ".intval($_GET["id"]);
$res = mysql_query() or trigger_error(mysql_error().$sql);
$row = mysql_fetch_array($result);

if ($row) // <-- here it is!
{
    switch ($_GET["action"])
    {
        case "update":
        if (!unlink($_SERVER['DOCUMENT_ROOT']."setting/".$row['Filename']))
        {
            echo "Non è stato possibile cancellare il vecchio file.";
            header("Refresh: 2.5; url=index.php");
            exit();
        }
    }
}
0

精彩评论

暂无评论...
验证码 换一张
取 消