Hello, I need some help with an unlink function. I'm getting the following errors when I try to delete / unlink a file. The code is below, starting at line 41. Any help would be much appreciated. This is for my site Upload4Free.com If anyone can help me fix this, I would gladly tip you. if(isset($_GET['delete'])) { unlink("./files/".$_GET['delete'].".txt"); unlink("./storage/".$_GET['delete']); if(isset($_GET['banreport'])) { $bannedfile = $_GET['banreport']; if (file_exists("./files/$bannedfile".".txt")) { unlink("./files/".$bannedfile.".txt"); unlink("./storage/".$bannedfile); $deleted=$bannedfile; } $fc=file("./reports.txt"); $f=fopen("./reports.txt","w+"); foreach($fc as $line) { Code (markup):
I have a script that used the unlink function, it was written like this: I don't know why yours has $_GET in it. I'm not a php genius, I just saw the unlink function and figured I'd throw in my 2 cents.
Thanks =) The unlink has to call up a file.. basically, the site has a list of downloads that have been reported.. i click a button to delete the file, but it has to retrieve the file, so it uses $_GET I'll probably just switch to another script if I cant get this thing working correctly.
Using isset() is a bad idea when dealing with file names. For example the URL: http://www.website.com/admin.php?delete= will cause your if statement to become true and your unlinks will run. A better approach would be to check the length of the 'delete' statement using strlen(). Even better would be to check that the file actually exists before trying to delete it, using file_exists() as well. Could be improved by using is_writable() as well. Also, keep in mind that since you're using unlink, make sure that the stuff being passed via 'delete' is actually something you want to be deleted. Imagine what would happen if someone set 'delete' to '../admin.php' - DON'T TRY THIS YOURSELF, YOU'LL LIKELY DELETE YOUR admin.php FILE!!
I know the script you're using. In your admin panel, what is the url of the delete link you're clicking? It looks like you're clicking on a blank report request. Check if there is a blank line or something in reports.txt
Using the following code will most probably prevent the error. if(!empty($_GET['delete'])) { unlink("./files/".$_GET['delete'].".txt"); unlink("./storage/".$_GET['delete']); Code (markup): But our problem is that $_GET['delete'] is empty. Can you plz give the url of the page showing the above error? Just to check whether delete={filename} exists or not.