0

I am facing a problem deleting the correct files. I am displaying the list of files uploaded by the user sorted by the time of upload (last upload first). If there's a list of 3-4 files, no matter which file I click to delete, the first file in the list gets deleted, the file last uploaded, that is. Here is my page displaying the files a particular user has uploaded.

<?php
$uid=$faculty_data['faculty_id']; //Assigns logged in id to a variable
$query="SELECT * FROM uploads ORDER BY datetime DESC"; //Sorts by date time
$result=mysql_query($query);
while($row=mysql_fetch_assoc($result))
{
if($uid==$row['faculty_id']) //Checks if the logged in id matches with id in DB
{
echo '<form action="delete.php" method="POST">';
echo "<strong>File: </strong>";
$url=$row['link'];  
$new="http://tofsis.com/fileshare/".$url; 
echo "<a href='$new'>$new</a><br/>";
echo "<strong>On: </strong>".$row['datetime'];
echo '<br><input type="submit" name="delete" class="btn btn" value="Delete File"/>';
echo '<hr>';
echo '</form>';
}
}
?>

And this is my delete page:

<?php
$uid=$faculty_data['faculty_id'];
$query="SELECT * FROM uploads ORDER BY datetime DESC";
$result=mysql_query($query);
if(isset($_POST['delete']))
{
 while($row=mysql_fetch_assoc($result))
{
if($uid==$row['faculty_id'])
{
 $url=$row['link'];
 $new="http://tofsis.com/fileshare/".$url; 
 $query="DELETE FROM uploads WHERE link = '$url'";
 $result=mysql_query($query);
 unlink($url);
}
}
 header('Location: my_uploads.php');
 exit();
 }
 else {
 echo '<script type="text/javascript">alert("Oops something went wrong!")</script>';
 header('Location: my_uploads.php');
 exit();
 }
?>

Can anyone please tell me where I am going wrong so that I can get my problem fixed?

How my DB looks like

Screenshot of My Uploads page displaying files uploaded by the user

Ankur Sinha
  • [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – Madara's Ghost Feb 27 '13 at 15:23
  • I guess you should change `$uid=$faculty_data['faculty_id'];` for `$uid=$_REQUEST['faculty_id'];` – fedorqui Feb 27 '13 at 15:24
  • @fedorqui: Tried that. Doesn't work. This has something to do with the form or the query. – Ankur Sinha Feb 27 '13 at 15:27

3 Answers

2

A couple of changes should be made:

 <?php
        $uid=$faculty_data['faculty_id']; //Assigns logged in id to a variable
        $query="SELECT * FROM uploads ORDER BY datetime DESC"; //Sorts by date time
        $result=mysql_query($query);
        while($row=mysql_fetch_assoc($result))
        {
        if($uid==$row['faculty_id']) //Checks if the logged in id matches with id in DB
        { 
        $file_id = $row['id'];
        echo '<form action="delete.php" method="POST">';
        echo "<strong>File: </strong>";
        $url=$row['link'];  
        $new="http://tofsis.com/fileshare/".$url; 
        echo "<a href='$new'>$new</a><br/>";
        echo "<input type='hidden' value='$url' id='file_path' name='file_path' />";
        echo "<input type='hidden' value='$file_id' id='id_file' name='id_file' />"; // new line
        echo "<strong>On: </strong>".$row['datetime'];
        echo '<br><input type="submit" name="delete" class="btn btn" value="Delete File"/>';
        echo '<hr>';
        echo '</form>';
        }
        }
?>

On the delete page, this:

 <?php

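         $file_id = (int) $_POST['id_file']; // cast to int so the posted value cannot change the query
         $file_path = $_POST['file_path']; // path taken from the hidden form field

         $query="DELETE FROM uploads WHERE id = $file_id";
         $result=mysql_query($query);
         unlink($file_path); //this should work on deleting the file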

?>

That should do the trick ;)

Hackerman
  • Same problem exists. I tried deleting the second file, the first one got deleted. – Ankur Sinha Feb 27 '13 at 15:43
  • I think your approach is bad....making a select first and comparing....that comparison fails – Hackerman Feb 27 '13 at 16:15
  • Could you please help the way you would do it then? – Ankur Sinha Feb 27 '13 at 16:15
  • You want to delete the last link according to a faculty_id....a faculty_id can have a lot of links???....is that your approach?? – Hackerman Feb 27 '13 at 16:42
  • I have a table that has list of files uploaded by different faculties. Say I am a faculty, when I log into my account, I can see only the files I have uploaded. I added a delete button next to each file. (till here I got everything right). On clicking delete I want that file to be deleted from DB as well as directory. But no matter what I click, the last file uploaded gets deleted, that's the problem. – Ankur Sinha Feb 27 '13 at 16:46
  • Just as I think....let me think a little and do an update on my answer...woa woa woa....can you show me your upload table schema??? – Hackerman Feb 27 '13 at 16:47
  • I uploaded a sample picture. Check it out. – Ankur Sinha Feb 28 '13 at 01:23
  • Worked like a beauty. But it didn't delete the file from the directory, deleted on from the database. – Ankur Sinha Feb 28 '13 at 13:27
  • You want the file being deleted on the database and on the directory??.....I added the needed code ;)...you should check the $file_path var in order to be the same with your upload dir ;) – Hackerman Feb 28 '13 at 13:53
0

Add another hidden input that stores the file ID, get it in your delete script and use it.

ImadBakir
0

You create a separate POST form for each available file but none of these forms contains any information about what file it refers to. I guess that $_POST contains nothing but a delete key with Delete File as value.

In your delete page, you read data from a variable that does not exist:

$uid=$faculty_data['faculty_id']

... and then you retrieve all files from the database to compare their ID against $uid. I guess you are removing all rows when the ID is zero.

To do:

  1. Enable full error reporting. That's something you need to fix before you go further; it's impossible to code without the aid of error messages. Here's a brief explanation.

  2. Add a hidden field to the form with the corresponding ID.

  3. Read form data from $_POST, not from an arbitrary variable.

  4. Learn some basic SQL, such as the WHERE clause, so you can do something like:

    DELETE FROM uploads
    WHERE faculty_id=333
    
  5. Learn about SQL injection. Use a library that provides prepared statements.

Álvaro González
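
The to-do list above (hidden field with the row ID, reading it from $_POST, a WHERE clause, prepared statements) put together as an added example; it is not code from any of the answers on this page. It assumes PDO and the `id` column used in the first answer; `delete_upload()` and the upload directory are hypothetical names, and the in-memory SQLite table with its rows is a constructed stand-in for the MySQL `uploads` table.

```php
<?php
// Added example: delete handler keyed on the row id from the hidden form field.
// delete_upload(), $dir and the sample rows are constructed for illustration.

function delete_upload(PDO $pdo, int $uid, $postedId, string $uploadDir): string
{
    // Accept only a plain positive integer from the form.
    $id = filter_var($postedId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'invalid id';
    }

    // Look the path up server-side, and only among rows owned by the logged-in user.
    $stmt = $pdo->prepare('SELECT link FROM uploads WHERE id = ? AND faculty_id = ?');
    $stmt->execute([$id, $uid]);
    $link = $stmt->fetchColumn();
    if ($link === false) {
        return 'not found or not yours';
    }

    $pdo->prepare('DELETE FROM uploads WHERE id = ? AND faculty_id = ?')
        ->execute([$id, $uid]);

    // Remove the file only if it resolves to a path inside the upload directory.
    $base = realpath($uploadDir);
    $path = realpath($uploadDir . '/' . $link);
    if ($base !== false && $path !== false && strpos($path, $base . DIRECTORY_SEPARATOR) === 0) {
        unlink($path);
    }
    return 'deleted';
}

// Constructed demo data: in-memory SQLite stands in for the MySQL table.
$dir = sys_get_temp_dir() . '/uploads_demo';
@mkdir($dir);
file_put_contents("$dir/a.pdf", 'x');
file_put_contents("$dir/b.pdf", 'x');
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE uploads (id INTEGER PRIMARY KEY, faculty_id INT, link TEXT, datetime TEXT)');
$pdo->exec("INSERT INTO uploads VALUES (1, 333, 'a.pdf', '2013-02-27 15:00'),
                                       (2, 333, 'b.pdf', '2013-02-27 15:10'),
                                       (3, 444, 'c.pdf', '2013-02-27 15:20')");

echo delete_upload($pdo, 333, '1', $dir), "\n";     // id 1 belongs to user 333
echo delete_upload($pdo, 333, '3', $dir), "\n";     // id 3 belongs to user 444
echo delete_upload($pdo, 333, '2abc', $dir), "\n";  // tampered, non-integer field value
```

Because the file path is read from the row rather than from the form, a tampered hidden field can neither point `unlink()` at another file nor reach another user's upload.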