Posted by Ruben van Engelenburg on 01/22/07 18:08
marce1972 wrote:
> Do I write this in my PHP code as you wrote it?
>
> $nom=$_POST['numero'];
> $sql="DELETE FROM canciones WHERE idcancion='$nom';";
> mysql_query($sql) or die ("problema con borrado");
> $arch=$_POST['ref'];
> @unlink($arch);
>
> Is this correct?
> Thanks, I'll download the other option, WebDAV, too to see if it works.
No, as Arjen already pointed out: check the input. This means you should
check the value of $_POST['ref'], because if you don't, the user will be
able to delete any file the webserver has writing rights to.
Ruben.
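
One way to do the input check described in the reply above, as an added example that is not part of the original thread. It assumes all deletable files live in a single directory (the UPLOAD_DIR path is hypothetical), that a PDO connection is available, and the function names are made up for illustration; it also validates 'numero' and binds it as a parameter instead of interpolating it into the SQL string.

```php
<?php
// Assumption: every deletable song file lives in this one directory (hypothetical path).
const UPLOAD_DIR = '/var/www/uploads/canciones';

// Map a user-supplied reference to a real file inside $baseDir, or null if it resolves elsewhere.
function resolve_deletable_file(string $baseDir, string $ref): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $ref === '' || strpos($ref, "\0") !== false) {
        return null;
    }
    // basename() drops any directory part, so "../../etc/passwd" becomes "passwd".
    $candidate = realpath($base . DIRECTORY_SEPARATOR . basename($ref));
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // realpath() has resolved symlinks; the result must still sit under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Hypothetical handler: $post is $_POST, $db is an open PDO connection.
function delete_song(PDO $db, array $post): bool
{
    // idcancion is expected to be a positive integer; reject anything else.
    $id = filter_var($post['numero'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    $ref = $post['ref'] ?? '';
    if ($id === false || !is_string($ref)) {
        return false;
    }
    $path = resolve_deletable_file(UPLOAD_DIR, $ref);
    if ($path === null) {
        return false; // nothing is deleted when the file reference is not acceptable
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('DELETE FROM canciones WHERE idcancion = ?');
    $stmt->execute([$id]);
    return unlink($path);
}
```

Storing the file name in the canciones row and looking it up by id, rather than accepting it from the form at all, removes the need to trust $_POST['ref'] in the first place.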