$_GET not getting a value

Question

I write this code for remove pictures from my library project,

but it won't get a value somehow, i am unable to figure out what is going on, could someone help me with this?

i get an undefined index as error.

$foto = new fotobibliotheek;
$fotos = $foto->fetch_all();

    if(isset($_GET['verwijderen'])) 
    {
        echo $_GET['foto_id'];
        echo $_GET['fotourl'];
          $fotoid = $_GET['foto_id'];
          $filename = $_GET['fotourl'];
          echo $filename;
          if (file_exists($filename)) {

            // bestand verwijderen uit de map

            unlink($filename);

            // link naar de map verwijderen die in het database staat

            $query = $pdo->prepare("DELETE FROM fotobibliotheek WHERE foto_id =?");
            $query->bindValue(1,$fotoid);
            $query->execute();

            // succes bericht

            echo 'File '.$filename.' het bestand is verwijderd';
          } else {

            // fout bericht

            echo 'dit bestand '.$filename.', kan niet worden verwijderd';
          }
    }


<?php

foreach($fotos as $foto)
    { ?>
            <div class ="container2item">
                <form method ="get">
                    <p name="foto_id"><?php
                    echo $foto['foto_id'] ?></p>
                    <h2><?php echo $foto['foto_naam'] ?></h2>
                    <img src="<?php echo $foto['foto_url'] ?>" width="300" height="170" name="fotourl" />
                    <p> <?php echo $foto['foto_omschrijving'] ?> </p>
                    <input type="submit" name="verwijderen" value="Foto Verwijderen">   
                </form>
            </div>
    <?php
    } ?>

hi on this: $fotoid = $_GET['foto_id']; $filename = $_GET['fotourl']; — Max Clasener, Sep 28 '17 at 08:36
Don't just assume that if one `$_GET` is set that the others are, validate them all. — Script47, Sep 28 '17 at 08:36
Make sure that they are set and that you don't have spaces in the URL (i.e http://www.example.com/page.php?foto_id = foo) Please edit your answer with the exact error you get. — JustCarty, Sep 28 '17 at 08:38
@MaxClasener What is the exact error? It will give you a line number and an index that is invalid. Can we also have the URL of the page that throws the error? — JustCarty, Sep 28 '17 at 08:53

score -1 · Answer 1 · edited Oct 02 '17 at 16:26

-1

Add a query.
Example :

$sql = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT file FROM table where id='{$_GET[id]}'");
if(mysqli_num_rows($sql) != 0) {
    while($data = mysqli_fetch_assoc($sql)) {
        unlink($data['file']);
    }
}

So database will find your file photo from the unique index, then delete it from your directory. Example URL should be www.example.com?id=2.

edited Oct 02 '17 at 16:26

JustCarty

3,261
3
26
46

answered Sep 28 '17 at 08:47

Dragon Chs

1
3
11

1

There is so much in this answer that hurts my eyes. Use [mysqli_*](http://php.net/manual/en/book.mysqli.php), use [prepared statements](http://php.net/manual/en/mysqli.prepare.php) – JustCarty Sep 28 '17 at 08:52
2

You really dont want to include your $_GET variable - or any user input - in a sql query like that. See https://stackoverflow.com/questions/601300/what-is-sql-injection. Also as @JustCarty already stated `mysql` is deprecated in php. Use `mysqli` or `PDO`. – Fabian Schöner Sep 28 '17 at 09:06
OMG. i got something to learn.. all my app use mysql_* thanx for ur info guys.. i will learn again to change it all. Sorry for my bad answer. – Dragon Chs Sep 28 '17 at 09:09
i has changed the code mysql_* to mysqli_*.. tell me if it works. – Dragon Chs Sep 28 '17 at 09:51

$_GET not getting a value

1 Answers1