The forums have permanently moved to forum.kirupa.com. This forum will be kept around in read-only mode for archival purposes. To learn how to continue using your existing account on the new forums, check out this thread.


Results 1 to 4 of 4

Thread: PHP mySQL LOOPY!

  1. #1

    PHP mySQL LOOPY!

    Hya Guys.... the script below deletes a file from the server and then deletes its corresponding mySQL entry.

    What im trying to do next is sort all the remaing SQL entires from lowest to highest (by track number) and then remnumber them so that there are no gaps:


    [php]
    <?
    //DELETE THE PHYSICAL FILE AND ITS DB ENTRY - renumber all tracks
    if (isset($_POST['deletetrack'
    ])){
    $filename = $_POST['filename'
    ];
    $tracknum = $_POST['tracknum'
    ];
    $address = "../../audiofiles/$filename"
    ;
    include (
    "../../includes/dbconnect.php"
    );

    $select = "DELETE FROM tracks WHERE url = '$filename'"
    ;
    $delete = mysql_query($select
    );
    unlink ("$address"
    );

    $whatsleft = "SELECT * FROM tracks ORDER BY tracknums ASC"
    ;
    $run = MYSQL_QUERY($whatsleft
    );
    $rows = MYSQL_NUM_ROWS($run
    );
    $fixi = 1
    ;
    WHILE (
    MYSQL_FETCH_ARRAY($run
    )){
    $update = "UPDATE tracks SET tracknums='$fixi'"
    ;
    $doupdate = mysql_query($update
    );
    $fixi
    ++;
    }

    echo (
    "File $filename - has been removed!"
    );
    $con->close
    ;
    include (
    "upload.php"
    );
    }
    ?>


    [php]
    At the moment all it does is set them to the total number of tracks that are in the db....can anyone help?

  2. #2
    PHP Code:
    for($i=i$i<=$run$i++){ 
    $update "UPDATE tracks SET tracknums=$i"
    $doupdate mysql_query($update); 

    replace that instead of your while loop


  3. #3
    Thansk man...I thougth my post had been ignored and ended up usign a much more long winded approach thansk for your help ill be switich to your script

  4. #4
    I hate to make this sort of post, but it's a pet peeve of mine.

    Your PHP code is waiting to be hacked. It's VERY insecure. For example, if I set $_POST['filename'] to the following string:

    1'; DROP TABLE tracks ; SELECT FROM tracks WHERE tracknums='1
    It's going to delete the whole database. You may say "What type of jackass would do that?" The answer, of course, is that there are thousands of people with far too much time on their hands just looking for sites to harass

    Please, if this is for a client, or if it's going to be publicly viewable, use mysql_escape_string() and think about how a bad guy might break your site.

    (What happens if, for example, $_POST['filename'] = '*' ?)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Home About kirupa.com Meet the Moderators Advertise

 Link to Us

 Credits

Copyright 1999 - 2012