use unlink method for delete image from the path and database

Question

$path="image/";
$sql=mysql_query("select * from gallery where galleryid='$del'");
$row=mysql_fetch_array($sql);
unlink("$path.$row[image]");
mysql_query("delete from tablename where tableid='$del'");

Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php). [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. — DigiLive, Feb 23 '19 at 10:15
if you took the time to format your code, SO's rendering would have shown you some error. Also, your sql stucture seems odd (find in table `gallery`, delete in table `tablename`) ... is there more to this that you should be testing (and eventually show here) ? — YvesLeBorg, Feb 23 '19 at 10:48

score 1 · Answer 1 · answered Feb 23 '19 at 09:46

1

You forgot a quotation on line #4 to wrap the array key: $row['image'].

Also check if the file exists before deleting it to prevent warnings.

$file = $path.$row['image'];

if(file_exists($file))
    unlink($file);

answered Feb 23 '19 at 09:46

Tom

316
2
9
30

use unlink method for delete image from the path and database

1 Answers1