删除文件PHP的问题

时间:2011-08-30 20:43:05

标签: php sql unlink

这是我从我的sql数据库中提取信息的代码,然后我想删除每个目录中的.txt文件,但我似乎无法弄清楚为什么它不会删除这些文件。

<?php

session_start();
$user = $_SESSION['SESS_USERNAME'];

$id = array();
$id = $_POST['selected'];

//Include database connection details
require_once('config_order.php');

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
    die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if (!$db) {
    die("Unable to select database");
}

//Create query
$query = mysql_query("SELECT * FROM  `PropertyInfo` WHERE  `order_number` =  '$id[0]'");

// display query results

while ($row = mysql_fetch_array($query)) {
    $c_name = $row['clientname'];
    $sitestreet = $row['sitestreet'];              
    $inspector = $row['inspector'];
}
mysql_close($link);

$client_name = str_replace(" ", "_", $c_name);
$site_street = str_replace(" ", "_", $sitestreet);

$client_name = "{$client_name}.txt";
$site_street = "{$site_street}.txt";

$client_path = "/var/www/vhosts/default/htdocs/Members/$user/$inspector/Orders/Clients";
$inspection_path = "/var/www/vhosts/default/htdocs/Members/$user/$inspector/Orders/Inspections";

if (unlink($client_path . "/" . $client_name)) {
    echo 'File Deleted';
} else {
    echo 'File could not be deleted';
}
?>

3 个答案:

答案 0 :(得分:1)

尝试一些额外的调试:

$realpath = $client_path . '/' . $client_name;

if (file_exists($realpath)) {
   if (is_writable($realpath)) {
       if (unlink($realpath)) {
            echo "$realpath deleted";
       } else {
            echo "Unable to delete $realpath";
       }
   } else {
      echo "$realpath is not writable";
   }
} else {
   echo "$realpath does not exist";
}

答案 1 :(得分:1)

乍一看,这是一个问题,如果 $_POST['selected']不是数组:

$id = array();
$id = $_POST['selected'];

...


$query = mysql_query("SELECT * FROM  `PropertyInfo` WHERE  `order_number` =  '$id[0]'");

您将$id实例化为空数组,然后使用$_POST['selected']覆盖,因此$id[0]是字符串$id的第一个字符}。

例如,如果$_POST['selected']12345

"SELECT * FROM  `PropertyInfo` WHERE  `order_number` =  '$id[0]'"

相当于:

"SELECT * FROM  `PropertyInfo` WHERE  `order_number` =  '1'"

要么不尝试使用索引访问它,要么$id[] = $_POST['selected']; 元素添加到$id数组中。

无论是否是数组,您执行需要先输入sanitize,然后才能将其插入查询或使用prepared statements

答案 2 :(得分:1)

我认为这是因为您的while循环会覆盖$c_name$sitestreet$inspector变量。这意味着您只会删除最后一个文件。

这是你想要做的吗? (再次编辑...... 

$query = mysql_query("SELECT * FROM `PropertyInfo` WHERE `order_number` IN (".mysql_real_escape_string(implode(',',$id)).")");

while ($row = mysql_fetch_array($query)) {

  $inspector = $row['inspector'];
  $client_name = str_replace(" ", "_", $row['clientname']).'.txt';
  $site_street = str_replace(" ", "_", $row['sitestreet']).'.txt';

  $client_path = "/var/www/vhosts/default/htdocs/Members/$user/$inspector/Orders/Clients";
  $inspection_path = "/var/www/vhosts/default/htdocs/Members/$user/$inspector/Orders/Inspections";

  if (!file_exists($client_path.'/'.$client_name)) {
    echo "File $client_path/$client_name does not exist!\n";
  } else echo (unlink($client_path.'/'.$client_name)) ? "File $client_path/$client_name was deleted\n" : "File $client_path/$client_name could not be deleted\n";

}
mysql_close($link);
相关问题
最新问题