1. 首页
  2. 问答
  3. PHP上的奇怪行为MYSQL image unlink

PHP上的奇怪行为MYSQL image unlink

2013-11-26 82 views
0

我在这里跟着几个教程,我无法弄清楚我的错误。PHP上的奇怪行为MYSQL image unlink

画廊得到正确显示,并且当我在Firefox中检查元素检查器时,复选框具有正确的值,但我写的这个小脚本始终取消链接循环中最后一张图片,并且数据库行不会被删除。

也许你有更好的眼光,我失去了什么,然后我自己?

$sql = "SELECT id, title FROM houses "; 
$query = mysql_query($sql); 
while ($result = mysql_fetch_array($query)) { 
echo $result['title'] . $result['id']; 
echo"<br>"; 
$sql1 = "SELECT * FROM gallery_photos WHERE photo_category=" . $result['id']; 
$query1 = mysql_query($sql1); 

while ($row = mysql_fetch_array($query1)) { 
    $photo_filename = $row['photo_filename']; 

    echo "<form action='' method='post'> 
     <li style='float:left; list-style-type:none;'> 
     <img src='houses/" . $photo_filename . "' title='$photo_filename' width='100px'> &nbsp; 
     <input type='checkbox' name='delete' value='$photo_filename'/> <br> 
      </li> "; 
} 

echo "<p style='clear:both' /> <input type='submit' value='Delete Selected' />"; 
echo" </form>"; 
echo "<p style='clear:both;'>"; 
echo "<br><br>"; 
} 

if (isset($_POST['delete']) && is_array($_POST['delete']) && count($_POST['delete']) > 0) { 
unlink("THIS/IS/A/WORKING/PATH/houses/" . $photo_filename); 
unlink("THIS/IS/A/WORKING/PATH/houses/tb_" . $photo_filename); 
mysql_query("DELETE FROM gallery_photos WHERE photo_filename = $photo_filename"); 
} 
?>

来源

2013-11-26 Disturbed

+0

你不是closin g'form'元素,从而生成无效的HTML。 – CBroe

+2

这段代码** ** INCREDIBLY **危险,你应该停止工作,直到你明白为什么......考虑'$ photo_filename ='../../../../../ ../windows/system32/ntoskrnl.exe'' –

+0

@CBroe对于未封闭的表单,在调整侧面空间时意外删除了它,因此它将显示在代码括号中:P – Disturbed

回答

0

您正在为新照片每次打开元素,但提交按钮和只有一个结束标记在所有表单之外。您可能需要修复html以使其正常工作。

编辑错误的文件被删除,因为你在最后3行,而不是从$_POST['delete']值使用$photo_filename变量。

附注:这段代码真的很糟糕,也很麻烦。这是一场安全噩梦。

来源

2013-11-26 14:22:58 Paulina

+0

这只是一个测试版本,我需要知道我的删除功能需要完成什么(这意味着它需要什么元素),然后才能编写适合安全标准的版本... – Disturbed

+0

正如我所说的,你是删除时使用'$ photo_filename'变量,而不是表单中的值! – Paulina

0

这样的事情应该排序它,我没有测试它,但希望它能工作。

foreach ($_POST['delete'] as $filename) { 
    unlink("THIS/IS/A/WORKING/PATH/houses/" . $filename); 
    unlink("THIS/IS/A/WORKING/PATH/houses/tb_" . $filename); 
    mysql_query("DELETE FROM gallery_photos WHERE photo_filename = $filename"); 
} 

echo '<form action='' method='post'>'; 
$sql = "SELECT id, title FROM houses "; 
$query = mysql_query($sql); 
while ($result = mysql_fetch_array($query)) { 
    echo $result['title'] . $result['id']; 
    echo"<br>"; 
    $sql1 = "SELECT * FROM gallery_photos WHERE photo_category=" . $result['id']; 
    $query1 = mysql_query($sql1); 

    while ($row = mysql_fetch_array($query1)) { 
     $photo_filename = $row['photo_filename']; 

     echo "<li style='float:left; list-style-type:none;'> 
      <img src='houses/" . $photo_filename . "' title='$photo_filename' width='100px'> &nbsp; 
      <input type='checkbox' name='delete[]' value='$photo_filename'/> <br> 
       </li> "; 

    } 

    echo "<p style='clear:both' /> <input type='submit' value='Delete Selected' />"; 
    echo" </form>"; 
    echo "<p style='clear:both;'>"; 
    echo "<br><br>"; 
}

注意复选框名称末尾的[],这意味着它会创建它们的数组。您可能希望在foreach中添加额外的检查以防止它在$ _POST ['delete']尚未设置时运行。

来源

2013-11-26 14:28:39 mic

0

首先,只是要确定,你所得到的参数,可以你可以使用:

echo "<br />Contents of \$_POST:<br />"; 
foreach ($_POST as $k => $v) { 
     echo " $k = $v<br />"; 
}

所以,你知道PARAMS你得到了什么。它看起来像工作。

此外,您还可以使用它,删除图像,

foreach ($_POST as $k => $v) : 
    if ($k == "delete") : 
     // add your code for unlink and delete 
    endif; 
endforeach;

其次,检查权限之前删除

chmod($this->uploaddir . $this->finalName, octdec(0777)); // Maybe 0666 is enough 
@unlink(path_to_file); // @ to avoid see code errors

和公正,为你考虑,也许如果你使用不必关心漂浮,并清除

干杯

来源

2013-11-26 14:52:34 ibpeco

相关问题

 相关问题