Since the script simply displays the name of the files, it is a matter of running a query and listing the returned names in a HTML table. This is more or less what the script does in the code below:

<?php

include "dbcon.php";

include "functions.php";

The code checks to see if the received project id is actually a number. If it is not, the user is redirected to the login page. The project id is tested with the 'is_numeric()' function, but a regex pattern checking function will do just as well:

if(isset($_GET['pid'])){

//clean pid

if(!is_numeric($_GET['pid'])){

//the value received is not numeric. redirect the user to login

header("location:login.php");

}

If the project id is indeed a number, it is then cleaned and used in a query:

//otherwise clean the received value for query use

$cpid = mysql_escape_string($_GET['pid']);

//get project name

The first query that is run, is to retrieve the title of the project for which you want to view the files. So the project id is used to retrieve that specific project's details and if the title is found, it is then stored in a variable called $title:

$getname = "SELECT title FROM projects WHERE pid = '".$cpid."'";

$g_result = mysql_query($getname);

if(!$g_result){

echo mysql_error()

}else{

$rowname = mysql_fetch_assoc($g_result);

$title = $row['title'];

}

The project id is used again to retrieve a list of files that belong to this project:

//get the files

$getfiles="SELECT * FROM files WHERE p_id = '".$cpid."' ORDER BY fid";

$result = mysql_query($getfiles);

if(!$result){

echo mysql_error();

}else{

The number of rows that have been returned are stored in the $num variable:

$num=mysql_num_rows($result);

}

?>

In the HTML below, the $num variable is going to be used to create a dynamic table. This table will list all the files of this project, and give the user the option to remove the files. This will be done dynamically based on the number of rows returned in the query above:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/PM_Main.dwt.php" codeOutsideHTMLIsLocked="false" -->

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<!-- InstanceBeginEditable name="doctitle" -->

<title>Untitled Document</title>

<!-- InstanceEndEditable -->

<!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable -->

<link href="Templates/main.css" rel="stylesheet" type="text/css" />

</head>

<body>

<table width="100%" border="0">

<tr>

<td width="33%">&nbsp;</td>

<td width="28%">&nbsp;</td>

<td width="39%">Logged in: <!-- InstanceBeginEditable name="login" --><? echo $_SESSION['name'];?> | <a href="logout.php">Logout</a><!-- InstanceEndEditable --></td>

</tr>

<tr>

<td colspan="3" bgcolor="#6699CC" class="headertxt">Project Management Software </td>

</tr>

<tr>

<td colspan="3"><!-- InstanceBeginEditable name="main" -->

<table width="99%" border="0">

<tr>

<td colspan="2" class="loginheader"><?php echo $title;?> </td>

</tr>

The main headers for this table are written first, and then the dynamic rows are created:

<tr>

<td>Files used by this project: </td>

<td>&nbsp;</td>

</tr>

<tr>

<td>&nbsp;</td>

<td>&nbsp;</td>

</tr>

<tr>

<td><strong>File Name</strong></td>

<td><strong>Action</strong></td>

</tr>

PHP checks to see if the $num variable is greater than zero. If it is, then it will determine how many dynamic rows are going to be created. At the same time, a while() loop will be started to retrieve all the results from the query and display them until the loop ends:

<?php

if($num > 0){

while($row = mysql_fetch_assoc($result)){?>

<tr>

<td><?php echo $row['filename']?> </td>

<td><a href="delete_file.php?fid=<?php echo $row['fid']?> & cpid=<?php echo $cpid?> ">Delete</a></td>

</tr>

<?php

}

If the $num variable contains a value that is less than one, then the message below is displayed:

}else{

?>

<tr>

<td colspan="2"><p>There are no files uploaded for this project.</p></td>

</tr>

<?php }

?>

</table>

<!-- InstanceEndEditable --></td>

</tr>

<tr>

<td colspan="3"><!-- InstanceBeginEditable name="nav" --><a href="main.php">View Project List</a> | <a href="admin/login.php">Administrators Corner </a><!-- InstanceEndEditable --></td>

</tr>

<tr>

<td align="right" class="cright" colspan="3">copyright &copy; 2007 PM </td>

</tr>

</table>

</body>

<!-- InstanceEnd --></html>

There are two headers presented to the user by this form. One is the file name and the other is "action." Under the action header, the option to delete the file is presented, with a link to the delete_file.php file. The code for this file is below:

<?php

include "dbcon.php";

include "functions.php";

$remove = "DELETE FROM files WHERE fid = '".$_GET['fid']."'";

mysql_query($remove);

header("localtion:view_files.php?pid=".$_GET['cpid']."");

?>

The query removes the file name from the files database table, using the fid (file id) that is sent over from the "view_files" script.