I'm trying to create a delete image link if the image is present and when the user clicks the delete image link it should delete the image. But for some reason this is not working can someone help me fix the delete image link problem? Thanks!
Here is the PHP code.
if (isset($_POST['delete_image'])) {
$img_dir = "../members/" . $user_id . "/images/thumbs/";
$img_thmb = "../members/" . $user_id . "/images/";
$image_name = $row['image'];
if(file_exists($img_dir . $image_name)){
if(unlink($img_dir.$image_name) && unlink($img_thmb.$image_name)){
$mysqli = mysqli_connect("localhost", "root", "", "sitename");
$dbc = mysq开发者_高级运维li_query($mysqli, "DELETE FROM users* WHERE image_id = '.$image_id.' AND user_id = '$user_id'");
}else{
echo '<p class="error">Sorry unable to delete image file!</p>';
}
}
}
if(isset($_POST['image']) || !empty($image)) {
echo '<a href="'. $_POST['delete_image'] .'">Delete Image</a>';
}
"DELETE FROM users* WHERE image_id = '.$image_id.' AND user_id = '$user_id'"
should be
"DELETE FROM users WHERE image_id = $image_id AND user_id = $user_id"
This is assuming $image_id and $user_id are both integers. If they're strings, put the single quotes around them.
Also, double check your link:
<a href="'. $_POST['delete_image'] .'">Delete Image</a>
Is the user really passing in the link via POST?
Your code is vulnerable to SQL injection attacks. Please consider using parametrized queries.
"DELETE FROM users WHERE image_id = $image_id AND user_id = $user_id"
And also
$path = "Your Image folder Path"; $image_name = "Your Image Name";
unlink($path."$image_name);
精彩评论