liam1412
01-02-2007, 17:24
Hello. Just been trawling the net for about 2 hours. I have got my upload script working and all is good. There were a million and one sites to tell me how to do this but no one seems to want to tell me how to remove it again if the user no longer requires it. Say if they uploaded a new avatar I want to remove the old one. Anyone know a site that can tell me this or give me a clue?
Thanks
Google is your friend
http://uk2.php.net/unlink
liam1412
01-02-2007, 19:52
I'm not sure how to use this function with regard to where to put the directory name and filename etc.
I have a file called liam1412avatar.jpg
So from what I gather from this function I would use
unlink('liam1412.jpg');
Where do I define the directory or do I just add it all to the unlink?
i.e. unlink('d://easyphp1.8/www/klubdeutsch/images/profilepics/liam1412.jpg');
The file is stored in d://easyphp1.8/www/klubdeutsch/images/profilepics/liam1412avatar.jpg
I know this may seem dumb to some of you, for which I'm sorry, but I've just been looking for ages and googled every possible thing related.
I'm assuming here that d://easyphp1.8/www/klubdeutsch/ is your 'local' webroot (where your site is stored locally?).
If that's the case, then why not just use something like: unlink('../images/profilepics/' . $file)
liam1412
01-02-2007, 21:13
Yeah, that is my web root. Thanks for your help ghozer
Be VERY careful with allowing remote users to delete files themselves. Especially if there is any way that they can specify the filename. It would probably be better to rename the file or move it to a different directory and then write yourself an admin function to (un)delete the files. This way, only trusted users can delete data. Untrusted users can believe all they want :)
liam1412
02-02-2007, 19:58
Cheers for that. I have just added a little function that will delete the old file when they upload a new one or click on the button to delete that image so I don't think it will be a problem. The file name will only be available to them by view source so I don't think it should be too much of a problem. What do you reckon?
PS: I have also written a line at the top of my delete.php that checks that the user hasn't just typed the query string into the URL.
Is this safe still or would you do it the way you say?
Remember, this is valid:
unlink('../images/profilepics/../../../../etc/passwd')
Just thought I'd point that out, just in case :)
If the filename is sent to the browser (even if it's not shown on screen and only in the source code), then there is a good chance a request can be faked with other filenames. If you can keep the filename server side only it's much safer.
I've got a very cut down message board, which includes avatars. Each user has a set filename for their avatar, and when they upload a new file, the server can work out the filename, and rename the uploaded file. If they delete their avatar, the server works out which file to delete, based on who is making the request, not information which is transmitted in the request.
Not having seen your code, I can't tell you whether the way you are doing it is safe or not. One idea I was always taught (I personally worked on ASP for a few years, then started a job where I had to work with PHP - chucked in the deep end!), is not to send any information to the client, unless you absolutely have to. If you receive information from the client, don't believe any of it, unless you absolutely have to.
Good luck!
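The approach described in the post above, sketched in PHP as an added example that is not code from any poster in this thread: the avatar file name is derived from the logged-in user's ID rather than from the request, and a realpath() containment check is applied to a path built the way the ../ example earlier in the thread is. The function names, the avatar_<id>.jpg naming scheme, the session key and the scratch directory are assumptions made for the example.

```php
<?php
// Added example; function names and the avatar_<id>.jpg scheme are assumptions.

// True only if $path resolves to an existing file inside $dir.
function isInsideDir(string $dir, string $path): bool
{
    $base = realpath($dir);
    $real = realpath($path);   // resolves ../ and symlinks; false if the file is missing
    if ($base === false || $real === false) {
        return false;
    }
    // Compare against "base + separator" so /pics does not match /pics-old.
    return strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
}

// The file name is derived from the session's user ID, never from the request.
function deleteAvatar(string $dir, int $userId): bool
{
    $path = $dir . DIRECTORY_SEPARATOR . 'avatar_' . $userId . '.jpg';
    return isInsideDir($dir, $path) && unlink($path);
}

// Constructed demo: a scratch directory stands in for images/profilepics.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'avatar_demo_' . getmypid();
$pics = $root . DIRECTORY_SEPARATOR . 'profilepics';
mkdir($pics, 0700, true);
file_put_contents($root . DIRECTORY_SEPARATOR . 'secret.txt', 'not an avatar');
file_put_contents($pics . DIRECTORY_SEPARATOR . 'avatar_42.jpg', 'fake image bytes');

// In delete.php this would be (int) $_SESSION['user_id'], set at login (hypothetical key).
$sessionUserId = 42;

// A client-supplied name with ../ segments is checked against the avatar directory.
$fromRequest = $pics . DIRECTORY_SEPARATOR . '../secret.txt';
var_dump(isInsideDir($pics, $fromRequest));

// Deleting by session identity, then repeating the call once the file is gone.
var_dump(deleteAvatar($pics, $sessionUserId));
var_dump(deleteAvatar($pics, $sessionUserId));

// The file outside the avatar directory is still present.
var_dump(file_exists($root . DIRECTORY_SEPARATOR . 'secret.txt'));

// Clean up the scratch files.
unlink($root . DIRECTORY_SEPARATOR . 'secret.txt');
rmdir($pics);
rmdir($root);
```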
If you don't know where the webroot is and don't want to hardwire then use
$_SERVER['DOCUMENT_ROOT']
This will point to your httpdoc root in Apache whether it's local or on a remote server.
If you rename an image to xyz.gif and then the user uploads a new image to replace xyz.gif, give it a different name to xyz.gif because browsers may have cached the image and it may take some time before the image is re-loaded, so the user thinks that the system is broken because they can't see their new image.