NYCPHP Meetup

[nycphp-talk] Bullet proofing "rmdir" command

Hans Zaunere hans at nyphp.org
Tue Aug 12 10:18:32 EDT 2003



Jeff wrote:

> I have a specific subdirectory on my site where users can upload images
> files associated with some text stored in a database. The question
> concerns deleting those uploaded images. Deleting the record is the easy
> part...even deleting the images and subdirectory is easy. However, my
> concern is what precautions should I take to make sure that the wrong
> subdir (or the whole site!!) doesn't get blown away. In the code below
> I'm using file_exists to delete the images and subdir but is there
> anything else that I should do to bullet proof the procedure? 
> 
> //Note: $sSubDir is the subdirectory path stored in the corresponding
> MySQL record.

is_dir()/is_file() is good for this, since it'll check the inode type and ensure a real path (which may, however, be relative to the current working dir).

for( $i = 0; $i < 5; ++$i ) {
   $sImageName = "{$sSubDir}image{$i}.jpg";
   if( is_file($sImageName) )
      unlink($sImageName);
}

if( is_dir($sSubDir) )
   rmdir($sSubDir);

H






More information about the talk mailing list