delete image and table record from mysql database

I Have inherited code from another designer. Initially all that that could be done to the database was add or update, Now the client wants to delete records and the associated image.

I created the delete but am not sure ... OK don't know how to delete the images. I am including the delete code.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DDeanAuthor Commented:
Also I was going to display the image to make sure they know what is going to be removed
Ray PaseurCommented:
Good idea to confirm any delete operation.  Also a good idea to soft-delete the data.  Soft-delete is a concept in database design that uses a "deleted_at" TIMESTAMP column to mark data that should not be returned in an active-record query results set.  Your queries for live data simply add a clause like WHERE deleted_at IS NULL or similar to the WHERE clause.  Soft-delete holds out the promise that an errant delete can be undone

To remove a file from the file system, you use PHP unlink().  You would need to be aware of the current working directory and the URL paths.  A correctly designed database would have the URL paths.  PHP getcwd() can be used to detect where the script is running.  If you use soft-delete, you might not want to actually delete the file.  Storage is cheap; reconstructing deleted information takes a long time and costs a lot of money.

In the code snippet, I see the script uses the mysql_xxx() extension functions.  That's a big no-no.  You must get off MySQL because PHP is doing away with MySQL support. This article explains why and what you must do to keep your scripts running.

Scripts that use external data in a query string are "sitting ducks" in terms of web security.  You might want to catch up on the current thinking about security.  It's a lot to learn -- give yourself time to read, absorb, write test scripts, etc.  In any case, my advice is that you should NOT deploy this script until you understand how to filter external data for safe use in a query, and you make the changes to ensure that external data cannot be used to delete unwanted information from your database.

HTTP requests have purposes that are specific to their usage.  GET requests must be idempotent and nullipotent.  POST requests may change the data model.  You must not use a GET request to change the data model.  Taken together, these articles explain why, and what can go wrong if you violate the rules of the HTTP client/server model.

From the look of this question and the code snippet, I would guess that you may be new to PHP.  If you want to learn the language, this article will help you get started on firm footing.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.