1

I want to do that I want to select a file from my server and delete it from server and database. It does too but when it deletes, it starts to do it infinite times. So there is an infinite loop and I didn't understand why.
Here is my delete.php where I select my file to delete:

<html>
<body>
<title>Delete your uploads</title>

<?php
session_start();
$username =$_SESSION["uname"];
?>
<form action="deleted.php" method="post">

<?php
$con = mysqli_connect("localhost", "root", "", "webpage");
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql= mysqli_query($con, "SELECT imagesnotes FROM datas where username='$username'");
echo "File or Image";

echo'<select name="imagesnotes">';
echo'<option value="" selected="selected">Select a File</option>';

while($row = mysqli_fetch_array($sql))

{
    echo'<option value="' . $row['imagesnotes'] . '">'. $row['imagesnotes'] .'</option>';
}
echo'</select></p><p>';

mysqli_close($con);
 ?>
<td width="80"><input name="download" type="submit" class="box" id="download" value=" download "></td>
</form>
</body>
</html>

And here is my deleted.php file which confirms it:

<?php
session_start();
$username =$_SESSION["uname"];
?>
<?php
$con = mysqli_connect("localhost", "root", "", "webpage");
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$imagesnotes = $_POST['imagesnotes'];
  $target_dir = "uploads/";
  $target_file = $target_dir . basename($imagesnotes);
$sql = mysqli_query($con,"delete from datas where username='$username' and  imagesnotes='$imagesnotes'");

while($sql)
{
$delete = unlink($target_file);
if($delete)
{
echo '<br>you deleted your file from our server</br>';
}
else 
{
echo 'An error occured';
}
$sql2 = mysqli_query($con,"delete from userdata where username='$username' and imagesnotes='$imagesnotes'");
if(!$sql2)
{
echo "<br>we couldn't delete some of your data from the database please contact administrators.</br>";
}
echo "<br> We deleted your files from server and database. <br>";
}
if(!$sql) 
{
echo "<br>There is a problem with connection or our MySQL code, Please contact administrators.</br>";
}
mysqli_close($con);
?>

Everything seems true. Can you help me please?

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
crysispeed
  • 45
  • 1
  • 8
  • You have a loop beginning with `while($sql)` but nothing inside the loop modifies `$sql` - perhaps you intended `if ($sql)` ? – Paul Dixon Jan 04 '15 at 14:29
  • Your code also not secure. There are some sql-injections http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – Ziumin Jan 04 '15 at 14:44

2 Answers2

2

Funcion mysqli_query returns always TRUE when performing successful delete query. This is cause of infinite loop.

You don't need loop results, when you have single file name ($_POST['imagesnotes']).

...
$sql = mysqli_query($con,"delete from datas where username='$username' and  imagesnotes='$imagesnotes'"); // $sql = TRUE on success
$delete = false;
if (file_exists($target_file)) {
    $delete = unlink($target_file);
}
...
Kepi
  • 374
  • 2
  • 7
1

You Should loop through No of rows of $sql results.

$sql = mysqli_query($con,"delete from datas where username='$username' and  imagesnotes='$imagesnotes'");

$loop = mysqli_num_rows($sql);

for ($i=0, $i <= $loop, $i++) {

$delete = unlink($target_file);

if($delete) {
echo '<br>you deleted your file from our server</br>';`
}
else 
{
echo 'An error occured';
}
Nutan Nara
  • 11
  • 7