使用 AJAX/PHP 删除文件

发布于 2024-09-13 09:28:58 字数 1925 浏览 17 评论 0原文

问题


我想使用 AJAX/PHP 删除文件。

但是php说我用AJAX发送的文件名不是文件,但是当我直接转到链接时我可以删除文件。看看我当前的 PHP,我放入了 IF/ELSE 语句来检查字符串是否是带有:is_file 的文件,结果是 false

如果没有 is_file 则表示:

Warning: unlink("image.jpg") [function.unlink]: Invalid argument in C:\wamp\www\images\users\delete.php on line 8

调用ajax的文件位于我要删除的文件所在的文件夹内。

PHP


<?php
    // I save the file sources from the URL what was sent by AJAX to these variables.
    $photo_id = $_GET['photo_id'];
    $thumbnail_id = $_GET['thumbnail_id'];

    function deletePhotos($id){
        // If is a file then delete the file.
        if(is_file($id)){
            return unlink($id);
        // Else show error.
        } else {
            echo $id . " is not a file, or there is a problem with it.<br />" ; 
        }
    }

    if(isset($photo_id)){
        deletePhotos($photo_id);
    }
    if(isset($thumbnail_id)){
        deletePhotos($thumbnail_id);
    }

 ?>

AJAX


function deletePhoto(photo, thumbnail){

        var photos = encodeURIComponent(photo);
        var thumbnails = encodeURIComponent(thumbnail);

        if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
          xmlhttp=new XMLHttpRequest();
        } else {// code for IE6, IE5
          xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
        }

        xmlhttp.onreadystatechange=function() {
            if (xmlhttp.readyState==4 && xmlhttp.status==200) {
                document.getElementById("media").innerHTML=xmlhttp.responseText;
            }
        }
        xmlhttp.open("GET", "http://192.168.2.104/images/users/delete.php?photo_id=\""+photos+"\"&thumbnail_id=\""+thumbnails+"\"", true);
        xmlhttp.send();
    }

The problem


I want to delete a file with AJAX/PHP.

But the php says that the file name what I send with AJAX is not a file, but when I go directly to the link I can delete the files. Check out my current PHP, I've put in the IF/ELSE statement to check if the string is a file with: is_file, the result is false.

Without is_file says this:

Warning: unlink("image.jpg") [function.unlink]: Invalid argument in C:\wamp\www\images\users\delete.php on line 8

The file what calls the ajax is inside the folder where are the files too what I want to delete.

The PHP


<?php
    // I save the file sources from the URL what was sent by AJAX to these variables.
    $photo_id = $_GET['photo_id'];
    $thumbnail_id = $_GET['thumbnail_id'];

    function deletePhotos($id){
        // If is a file then delete the file.
        if(is_file($id)){
            return unlink($id);
        // Else show error.
        } else {
            echo $id . " is not a file, or there is a problem with it.<br />" ; 
        }
    }

    if(isset($photo_id)){
        deletePhotos($photo_id);
    }
    if(isset($thumbnail_id)){
        deletePhotos($thumbnail_id);
    }

 ?>

The AJAX


function deletePhoto(photo, thumbnail){

        var photos = encodeURIComponent(photo);
        var thumbnails = encodeURIComponent(thumbnail);

        if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
          xmlhttp=new XMLHttpRequest();
        } else {// code for IE6, IE5
          xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
        }

        xmlhttp.onreadystatechange=function() {
            if (xmlhttp.readyState==4 && xmlhttp.status==200) {
                document.getElementById("media").innerHTML=xmlhttp.responseText;
            }
        }
        xmlhttp.open("GET", "http://192.168.2.104/images/users/delete.php?photo_id=\""+photos+"\"&thumbnail_id=\""+thumbnails+"\"", true);
        xmlhttp.send();
    }

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

心清如水 2024-09-20 09:28:58

您的 ajax 请求包含引号中的数据。

//Bad
delete.php?photo_id="1234"

//Good
delete.php?photo_id=1234

//So use this:
xmlhttp.open("GET", "http://192.168.2.104/images/users/delete.php?photo_id="+photos+"&thumbnail_id="+thumbnails, true);

Your ajax request has the data in quotes.

//Bad
delete.php?photo_id="1234"

//Good
delete.php?photo_id=1234

//So use this:
xmlhttp.open("GET", "http://192.168.2.104/images/users/delete.php?photo_id="+photos+"&thumbnail_id="+thumbnails, true);
三五鸿雁 2024-09-20 09:28:58
  • 您需要提供 is_file 的完整路径。像 image.jpg 这样的部分路径不会告诉它该文件所在的位置。如果它应该相对于文档根目录,则需要在前面添加它。

  • 这是我见过的最危险的脚本之一。你可以将任何文件传递到 photo_id 中,只要网络服务器具有正确的权限,它就会删除它。您至少应该确保将其限制为仅删除特定目录中的文件。

  • You need to give a full path to is_file. A partial path like image.jpg doesn't tell it where that file is located. If it's supposed to be relative to the document root, you'll need to prepend that.

  • This is one of the most dangerous scripts I've ever seen. You could pass any file into photo_id, and as long as the web server has the right permissions, it would delete it. You should at least make sure you're restricting it to only delete files within a certain directory.

半边脸i 2024-09-20 09:28:58

例如,您可能需要指定路径

file_exists( realpath('.') . '/' . $id );

(假设您的文件与脚本位于同一文件夹中),正如其他人所说,这是一个危险的脚本,除非有其他安全措施!

you might need to specify the path for example

file_exists( realpath('.') . '/' . $id );

(assuming your files are in the same folder as your script) ditto what others have said, this is a dangerous script unless there is other security in place!

小傻瓜 2024-09-20 09:28:58

尝试在帖子中使用修剪或获取变量,例如:

$photo_id=trim($_GET['blah..blah']);

在我的情况下,问题是 $photo_id 返回没有文件名 - 它返回类似“\nfilename”的内容,而它应该是“filename”所以我添加了 trim 并且它现在对我有用。

try to use trim in your post or get variable, ex:

$photo_id=trim($_GET['blah..blah']);

in my case the problem is $photo_id returns no file name - its returns something like this '\nfilename', when it should be 'filename' so I added trim and its worked for me now.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文