 Posted by Ruben van Engelenburg on 01/22/07 18:08 
marce1972 wrote: 
 
> Do I write this in my PHP code as you wrote it?
>  
> 	$nom=$_POST['numero'];
> 	$sql="DELETE FROM canciones WHERE idcancion='$nom';";
> 	mysql_query($sql) or die ("problema con borrado");
> 	$arch=$_POST['ref'];
> 	@unlink($arch);
>  
> Is this correct?
> Thanks, I'll download the other option, WebDAV, too to see if it works.
 
No, as Arjen already pointed out: check the input. This means you should
check the value of $_POST['ref'], because if you don't, the user will be
able to delete any file the webserver has writing rights to.
 
Ruben.
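
One way to do the check on $_POST['ref'] described above, as an added example that is not part of the original thread. It assumes PHP 7.1 or later and that deletable files live in a single upload directory; the function names `resolve_inside` and `delete_upload` and the demo paths are hypothetical.

```php
<?php
// Added example: resolve the user-supplied name against a fixed upload
// directory and refuse anything that ends up outside it.

/**
 * Returns the absolute path if $userValue names a regular file inside
 * $baseDir, or null otherwise.
 */
function resolve_inside(string $baseDir, string $userValue): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $userValue === '' || strpos($userValue, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false when
    // the resulting path does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userValue);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The trailing separator stops "/uploads" from matching "/uploads_old/...".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

function delete_upload(string $baseDir, string $userValue): bool
{
    $path = resolve_inside($baseDir, $userValue);
    // No @ operator: a failed unlink() should show up in the error log.
    return $path !== null && unlink($path);
}

// Constructed demo: a temp directory stands in for the song upload folder.
$root = sys_get_temp_dir() . '/demo_' . bin2hex(random_bytes(4));
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/uploads/song.mp3", 'x');
file_put_contents("$root/config.php", 'x');   // lives outside the upload folder

var_dump(delete_upload("$root/uploads", 'song.mp3'));         // name inside the folder
var_dump(delete_upload("$root/uploads", '../config.php'));    // relative path leaving the folder
var_dump(delete_upload("$root/uploads", "$root/config.php")); // absolute path outside the folder
var_dump(file_exists("$root/config.php"));                    // was the outside file touched?

// Clean up the constructed demo files.
unlink("$root/config.php");
rmdir("$root/uploads");
rmdir($root);
```

In the script from the question, the call would take the place of `@unlink($arch)`, with the first argument set to the directory where the song files are stored.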
 
  