require("$_SERVER[DOCUMENT_ROOT]mysql.php");
$id = $_GET["id"];
$result = mysql_query("SELECT * FROM Setting WHERE ID = \"$id\"");
$row = mysql_fetch_array($result);
switch ($_GET["action"])
{
case "update":
if (!unlink("$_SERVER[DOCUMENT_ROOT]setting/$row[Filename]"))
{
echo "Non è stato possibile cancellare il vecchio file.";
header("Refresh: 2.5; url=index.php");
exit();
}
The error is "Warning: unlink(/web/htdocs/www.vhannibal.net/home/setting/): Is a directory in [...] on line 43"; line 43 is:
if (!unlink("$_SERVER[DOCUMENT_ROOT]setting/$row[Filename]"))
What's wrong with it?
First off, you should consider going back to basics and reading up on input validation.
Ignoring the glaring mysql injection issue, unlink() can only be called on files. In your code here, you don't check whether $row['Filename'] is a file or not before deleting it.
The least you could do is check whether the file exists:
if (is_file("$_SERVER[DOCUMENT_ROOT]setting/{$row['Filename']}")) {
//delete code
}
$row[Filename] does not have any data in it, or it is an empty string.
As there is still no right answer, I have to write it myself.
As Gaurav pointed out, you are not checking whether the mysql query returned any data.
Thus, your code should be (however, I'd write strings in a more usual way):
require($_SERVER['DOCUMENT_ROOT']."/mysql.php");
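// intval() forces the ID to an integer before it reaches the query
$sql = "SELECT * FROM Setting WHERE ID = ".intval($_GET["id"]);
// pass the query string to mysql_query() and fetch from the same result handle
$res = mysql_query($sql) or trigger_error(mysql_error().$sql);
$row = mysql_fetch_array($res);
if ($row) // <-- here it is!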
{
switch ($_GET["action"])
{
case "update":
if (!unlink($_SERVER['DOCUMENT_ROOT']."setting/".$row['Filename']))
{
echo "Non è stato possibile cancellare il vecchio file.";
header("Refresh: 2.5; url=index.php");
exit();
}
}
}
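A hardened version of the delete step that combines the checks from the answers above (an added example, not code from the original thread). It uses PDO with a bound parameter in place of the mysql_* functions; the function name delete_setting_file, the in-memory SQLite table and the temp directory are constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not the original poster's code.
// Deletes the file recorded for a Setting row only if the row exists, the
// name is non-empty, and the resolved path is a regular file inside $baseDir.
function delete_setting_file(PDO $db, string $baseDir, string $rawId): bool
{
    // Reject anything that is not a plain decimal ID.
    if (!ctype_digit($rawId)) {
        return false;
    }
    // Bound parameter instead of string interpolation.
    $stmt = $db->prepare('SELECT Filename FROM Setting WHERE ID = ?');
    $stmt->execute([(int)$rawId]);
    $name = $stmt->fetchColumn();
    // No row (false) or an empty name: the path would be the directory itself,
    // which is the "Is a directory" warning from the question.
    if ($name === false || $name === null || $name === '') {
        return false;
    }
    $base = realpath($baseDir);
    // basename() drops any directory components stored in the column.
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . basename($name));
    // realpath() is false for missing files; also require containment.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0
        || !is_file($path)) {
        return false;
    }
    return unlink($path);
}

// Constructed demo data: in-memory SQLite table and a temp directory.
$dir = sys_get_temp_dir() . '/setting_demo_' . uniqid();
mkdir($dir);
file_put_contents("$dir/old.cfg", 'x');
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Setting (ID INTEGER PRIMARY KEY, Filename TEXT)');
$db->exec("INSERT INTO Setting VALUES (1, 'old.cfg'), (2, ''), (3, '../x')");

var_dump(delete_setting_file($db, $dir, '1'));        // row with a real file
var_dump(delete_setting_file($db, $dir, '2'));        // empty Filename
var_dump(delete_setting_file($db, $dir, '3'));        // name pointing outside
var_dump(delete_setting_file($db, $dir, '99'));       // no such row
var_dump(delete_setting_file($db, $dir, '1 OR 1=1')); // non-numeric ID
rmdir($dir);
```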