使用 AJAX/PHP 删除文件
问题
我想使用 AJAX/PHP 删除文件。
但是php说我用AJAX发送的文件名不是文件,但是当我直接转到链接时我可以删除文件。看看我当前的 PHP,我放入了 IF/ELSE 语句来检查字符串是否是带有:is_file 的文件,结果是 false。
如果没有 is_file 则表示:
Warning: unlink("image.jpg") [function.unlink]: Invalid argument in C:\wamp\www\images\users\delete.php on line 8
调用ajax的文件位于我要删除的文件所在的文件夹内。
PHP
<?php
// I save the file sources from the URL what was sent by AJAX to these variables.
$photo_id = $_GET['photo_id'];
$thumbnail_id = $_GET['thumbnail_id'];
function deletePhotos($id){
// If is a file then delete the file.
if(is_file($id)){
return unlink($id);
// Else show error.
} else {
echo $id . " is not a file, or there is a problem with it.<br />" ;
}
}
if(isset($photo_id)){
deletePhotos($photo_id);
}
if(isset($thumbnail_id)){
deletePhotos($thumbnail_id);
}
?>
AJAX
function deletePhoto(photo, thumbnail){
var photos = encodeURIComponent(photo);
var thumbnails = encodeURIComponent(thumbnail);
if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
} else {// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function() {
if (xmlhttp.readyState==4 && xmlhttp.status==200) {
document.getElementById("media").innerHTML=xmlhttp.responseText;
}
}
xmlhttp.open("GET", "http://192.168.2.104/images/users/delete.php?photo_id=\""+photos+"\"&thumbnail_id=\""+thumbnails+"\"", true);
xmlhttp.send();
}
The problem
I want to delete a file with AJAX/PHP.
But the php says that the file name what I send with AJAX is not a file, but when I go directly to the link I can delete the files. Check out my current PHP, I've put in the IF/ELSE statement to check if the string is a file with: is_file, the result is false.
Without is_file says this:
Warning: unlink("image.jpg") [function.unlink]: Invalid argument in C:\wamp\www\images\users\delete.php on line 8
The file what calls the ajax is inside the folder where are the files too what I want to delete.
The PHP
<?php
// I save the file sources from the URL what was sent by AJAX to these variables.
$photo_id = $_GET['photo_id'];
$thumbnail_id = $_GET['thumbnail_id'];
function deletePhotos($id){
// If is a file then delete the file.
if(is_file($id)){
return unlink($id);
// Else show error.
} else {
echo $id . " is not a file, or there is a problem with it.<br />" ;
}
}
if(isset($photo_id)){
deletePhotos($photo_id);
}
if(isset($thumbnail_id)){
deletePhotos($thumbnail_id);
}
?>
The AJAX
function deletePhoto(photo, thumbnail){
var photos = encodeURIComponent(photo);
var thumbnails = encodeURIComponent(thumbnail);
if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
} else {// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function() {
if (xmlhttp.readyState==4 && xmlhttp.status==200) {
document.getElementById("media").innerHTML=xmlhttp.responseText;
}
}
xmlhttp.open("GET", "http://192.168.2.104/images/users/delete.php?photo_id=\""+photos+"\"&thumbnail_id=\""+thumbnails+"\"", true);
xmlhttp.send();
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
您的 ajax 请求包含引号中的数据。
Your ajax request has the data in quotes.
您需要提供 is_file 的完整路径。像 image.jpg 这样的部分路径不会告诉它该文件所在的位置。如果它应该相对于文档根目录,则需要在前面添加它。
这是我见过的最危险的脚本之一。你可以将任何文件传递到 photo_id 中,只要网络服务器具有正确的权限,它就会删除它。您至少应该确保将其限制为仅删除特定目录中的文件。
You need to give a full path to is_file. A partial path like image.jpg doesn't tell it where that file is located. If it's supposed to be relative to the document root, you'll need to prepend that.
This is one of the most dangerous scripts I've ever seen. You could pass any file into photo_id, and as long as the web server has the right permissions, it would delete it. You should at least make sure you're restricting it to only delete files within a certain directory.
例如,您可能需要指定路径
file_exists( realpath('.') . '/' . $id );(假设您的文件与脚本位于同一文件夹中),正如其他人所说,这是一个危险的脚本,除非有其他安全措施!
you might need to specify the path for example
file_exists( realpath('.') . '/' . $id );(assuming your files are in the same folder as your script) ditto what others have said, this is a dangerous script unless there is other security in place!
尝试在帖子中使用修剪或获取变量,例如:
在我的情况下,问题是
$photo_id返回没有文件名 - 它返回类似“\nfilename”的内容,而它应该是“filename”所以我添加了trim并且它现在对我有用。try to use trim in your post or get variable, ex:
in my case the problem is
$photo_idreturns no file name - its returns something like this '\nfilename', when it should be 'filename' so I addedtrimand its worked for me now.