I am trying to delete images when the user click on delete
if (isset($_GET['sid'])) {
$sid = $_GET['sid'];
}
$getImageName = "SELECT * FROM header_image_arabic WHERE id='" . $sid . "'";
$QgetImageName = $db->query($getImageName) or die($db->error);
if ($Fname = $QgetImageName->fetch_object())
$myImageName = $Fname->image;
// delete image from dir function
$dir = "../images/backSlider_arabic/";
opendir($dir);
if (dir($dir)) {
$filename = $myImageName;
if (file_exists($filename)) {
unlink("../images/backSlider_arabic/" . $filename);
echo 'File' . $filename . 'has been deleted';
} else {
echo 'Could not delete ' . $filename . ',file does not exist';
echo "<br />" . dirname("../images/backSlider_arabic/") . ".<br />";
}
} else {
echo "Dir not there";
}
closedir();
every time I click on delete it come with "Could not delete myfile.jpg, file does not exist'"
Edit mySql with more security
if(isset($_GET['sid'])){
$sid=$_GET['sid'];
}
$getName = $db->prepare("SELECT * FROM header_image_arabic WHERE id=?");
$getName->bind_param('s', $sid);
$getName->execute();
$result = $getName->get_result();
if($Fname=$result->fetch_object())
$myImageName=$Fname->image;
//delete image from dir function
$dir="../images/backSlider_arabic/";
opendir($dir);
if(dir($dir)){
$filename=$myImageName;
if(file_exists("../images/backSlider_arabic/".$filename)) {
unlink("../images/backSlider_arabic/".$filename);
echo'File'.$filename.'has been deleted';
}else{
echo 'Could not delete '.$filename.',file does not exist';
echo "<br />".dirname("../images/backSlider_arabic/").".<br />";
}
}else{echo"Dir not there";}
closedir();
I have updated my code since the mySql query was very poor on security I used Prepared statements to better way.
