-4
admin.php:
<?php
// The file name is taken straight from the query string, with no validation.
$file = $_GET['apagar'];
if (!unlink($file)) {
    echo ("arquivo nao encontrado");
} else {
    echo ("arquivo deletado");
}
?>
<script>function del(){return confirm("Excluir?");}</script>
<a href='?apagar=data1.html' onclick='return del();'>Apagar</a>
<a href='?apagar=data2.html' onclick='return del();'>Apagar</a>
<a href='?apagar=data3.html' onclick='return del();'>Apagar</a>
So far so good!
The problem is here: accessing the URL directly deletes the index.php file, which I do not want.
http://127.0.0.1/admin.php?apagar=index.php
The best way is to have a list of the files in the database and only allow deletion if the file exists. Or else keep the files that can be deleted in a different directory from the .php files.
– Jorge B.
@Jorgeb. Even if you leave it in a different folder, http://127.0.0.1/admin.php?apagar=../config.php deletes even more important files. :-|
– Rose
You need to take away access to those folders first and only give access to the folder where the files will be.
– Jorge B.
You can make a list in the database, as Jorge B. suggested, or an array with the pages you do not want to be deleted, and before executing unlink($file) you check whether what came in $_GET["apagar"] is present in the list with in_array(); if it is, you interrupt the execution.
– Wees Smith
In fact, the ideal is to have a directory only for files that can be edited and deleted, and also a record of those same files in the database, and only delete if they are in the database and, of course, in that directory. Other directories must be protected.
– Jorge B.
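
The dedicated-directory and list-check advice from the comments, combined into one validation step. This is an added example, not code from the question or from any commenter. It assumes the deletable .html files live in a ./data directory next to admin.php (a hypothetical layout), and the helper name resolveDeletable is illustrative.

```php
<?php
// Added example. Assumption: deletable files live in ./data, which holds no .php files.
const DELETABLE_DIR = __DIR__ . '/data';

/**
 * Map a user-supplied name to a path that may be deleted, or null if refused.
 * resolveDeletable is a hypothetical helper name.
 */
function resolveDeletable(string $name, string $baseDir, array $allowed): ?string
{
    // 1. List check: strict match against the known file names (in_array, as suggested).
    if (!in_array($name, $allowed, true)) {
        return null; // index.php, ../config.php and anything else unlisted stop here
    }
    // 2. Containment: canonicalise both paths and require the file to sit directly in $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    if (dirname($path) !== $base || !is_file($path)) {
        return null; // e.g. a symlink in ./data that resolves outside the directory
    }
    return $path;
}

// The list could equally be read from a database table; here it is built from the directory.
$allowed = array_map('basename', glob(DELETABLE_DIR . '/*.html') ?: []);

// is_string() rejects array input such as ?apagar[]=x before it reaches the check.
if (isset($_GET['apagar']) && is_string($_GET['apagar'])) {
    $target = resolveDeletable($_GET['apagar'], DELETABLE_DIR, $allowed);
    if ($target === null) {
        http_response_code(400);
        echo 'arquivo nao permitido'; // constructed message, not from the original page
    } elseif (unlink($target)) {
        echo 'arquivo deletado';
    } else {
        echo 'arquivo nao encontrado';
    }
}
```

With this in place, ?apagar=index.php and ?apagar=../config.php are both refused at the list check, and the realpath comparison is a second barrier if the list is ever built from less trusted data.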