[nycphp-talk] Bullet proofing "rmdir" command

Jeff jsiegel1 at
Tue Aug 12 10:28:57 EDT 2003


See my comment to David Sklar. I think this handles the
issue...especially since I'm not using relative dirs.


-----Original Message-----
From: talk-bounces at [mailto:talk-bounces at]
On Behalf Of Hans Zaunere
Sent: Tuesday, August 12, 2003 9:19 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Bullet proofing "rmdir" command

Jeff wrote:

> I have a specific subdirectory on my site where users can upload
> files associated with some text stored in a database. The question
> concerns deleting those uploaded images. Deleting the record is the
> part...even deleting the images and subdirectory is easy. However, my
> concern is what precautions should I take to make sure that the wrong
> subdir (or the whole site!!) doesn't get blown away. In the code below
> I'm using file_exists to delete the images and subdir but is there
> anything else that I should do to bullet proof the procedure? 
> //Note: $sSubDir is the subdirectory path stored in the corresponding
> MySQL record.

is_dir()/is_file() is good for this, since it'll check the inode type
and ensure a real path (which may, however, be relative to the current
working dir).

for( $i = 0; $i < 5; ++$i ) {
   $sImageName = "{$sSubDir}image{$i}.jpg";
   if( is_file($sImageName) )

if( is_dir($sSubDir) )


talk mailing list
talk at

More information about the talk mailing list