How can I delete image using PHP Mysqli?

General PHP Help
#1

Hi, all.
I have faced a problem. I am begginer in PHP so I need your help!! I have backend system where admin can delete images from database, or upload another one. There is the code I did to delete the image, but something is wrong. I have three types of php pages,
(i) contact-add-script.php (for store data in database).
(ii) contact-view.php (Landing Page, here is avalible delete button).
(iii) contact-delete.php
Could you,please help with answer what is wrong and may be gove your solution? Thanks in advance!

(i) contact-add-script.php (for store data in database).

   <?php

    include ("../../inc/connect.php");

    if(isset($_POST['upload-form'])){

    	$maxsize = 40000; // 4KB

    	$category = $_POST['con_cat'];
    	$name = $_POST['name'];
    	$nick = $_POST['nick_tit'];
    	$email = $_POST['email'];
    	$mobile = $_POST['mobile'];
    	$address = $_POST['address'];
    	$remark = $_POST['remark'];
    	$file = $_FILES['photo'];

    	// image upload steps
    	$filename = rand(1000,100000)."-".$file['name'];
    	$filepath = $file['tmp_name'];
    	$fileerror = $file['error'];
    	$extension =  $file['size'];

    	$imageFileType = strtolower(pathinfo($filename,PATHINFO_EXTENSION));
    	
    	// Allow certain file formats
    	if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg") {
    		echo "<script>window.open('contact-view?error=Sorry Only JPG, JPEG and PNG files are Allowed...!!! Please Refresh This Page','_self')</script>";
    	}else{
    	// Allow only 4KB Image Size
    	if(($file['size'] >= $maxsize) || ($file['size'] == 0)) {
        	echo "<script>window.open('contact-view?error=File Size too large. File must be less than 40KB..!!! Please Refresh This Page','_self')</script>";
      	}
      	else{

    	if($fileerror == 0){
    		$destfile = "upload/contacts/" . $filename;
                move_uploaded_file($filepath, $destfile);

    		$insert_number = "insert into contact_numbers (lebel,name,nick_tital,email,mobile,address,remark,image)
    		value('$category','$name','$nick','$email','$mobile','$address','$remark','$destfile')";
    		$run_query = mysqli_query($conn, $insert_number);

    		if($run_query){

            echo "<script>window.open('contact-view?added=Contact Number Has Been Added Sucessfully...!!! Please Refresh This Page','_self')</script>";
        	}else{
        		echo "<script>window.open('contact-view?error=Contact Number Not Uploaded Try Again...!!! Please Refresh This Page','_self')</script>";
        	}
        }
    	}
    	}
    	}else{
        	echo "<script>window.open('contact-view?error=Contact Number Not Uploaded Try Again...!!! Please Refresh This Page','_self')</script>";
    }
    ?>

(ii) contact-view.php (Landing Page, here is avalible delete button).

        ////////<a href="contact-delete.php?del_contact=<?php echo $id; ?>">
              <span class="badge badge-danger">Delete</span>
        </a>

(iii) contact-delete.php

<?php 
	include('../../inc/connect.php');

	if(isset($_GET['del_contact'])){

	$delete_project = $_GET['del_contact'];

	$delete_pro = "delete from contact_numbers where id='$delete_project'";

	$run_delete = mysqli_query($conn, $delete_pro);

	if($run_delete){

        echo "<script>window.open('contact-view?deleted=Contact Number Has Been Deleted Sucessfully...!!! Please Refresh This Page','_self')</script>";
      }
}
?>

Please Help which code to add for deleting image from folder.

dberror
dberror1106Ă—452 38.1 KB

#2

Well, not sure what all that code is just to delete an image, but, here are some things to think about.

You shouldn’t use GET to delete items with. Any beginner hacker could post to your site and delete all your data by sending deletes for all ID’s. You would need to secure how you send the ID to delete to that code section. I suggest using the $_SESSION array since it stays on the server and is never issued thru the URL.

Next, deleting the contact info using queries will get rid of the contact’s info as you showed already. Then, you also need to delete the actual image file. That can be done with the UNLINK function. Loosely, it is done like this:

$image = "folder-name/images/user1234.jpg";
unlink($image);

You can point the unlink to the file you want to delete using a string variable or the output of a database field as needed. Hope this helps!

1 Like
#3

please guide where is add this unlink function…
please write full code delete image with data.

#4

Well, you already have the ID of the contact you want to delete. But, you do not have the pointer to the field in that contact record. You would need to get that address of the image from the database, then delete it. You could do it something like this. You need to get the address first, then delete the record.

if (isset($_GET['del_contact'])){
    //  User request to delete this contact, get contact image location and delete it
    $result = mysqli_query($conn, "SELECT image FROM contact_numbers WHERE id='" . $_GET['del_contact'] . "'");
    $row = mysqli_fetch_assoc($result);
    unlink($row["image"]);
    //  Now delete the actual contact record
    $delete_pro = "delete from contact_numbers where id='$delete_project'";
    $run_delete = mysqli_query($conn, $delete_pro);

    if($run_delete){
        echo "<script>window.open('contact-view?deleted=Contact Number Has Been Deleted Sucessfully...!!! Please Refresh This Page','_self')</script>";
    }
}

Something like this would work. But, it is unsafe as you are using GET which lets someone post to your site and delete all your contact accounts. Hope this helps!

Sponsor our Newsletter | Privacy Policy | Terms of Service