I have an item page which basically fetches data from the database using an ID in the URL (e.g. item.php?id=1). I want the user to be able to delete the item and be redirected to the homepage WITHOUT having the ability to go back to that page (you can go back to that page by pressing back on the browser), given that when that item is deleted, there's no data left so I'd be left with undefined index errors.

I'm using window.location.replace() to achieve this, but it doesn't work, it's still able to go back to that page because it's still present in the browser history. Here's my code:

```html
<a href='?deleteid=$row[id]' class='btn btn-danger operations'>Delete Post</a>
```

```php
if (isset($_GET['deleteid'])) {
    $delete = $_GET['deleteid'];
    $query = mysqli_query($con, "DELETE FROM item WHERE id = '$delete'");
    echo "<script>
        window.location.replace('domain.com/end/mobile/');
    </script>";
}
```
thraxxdv
  • fwiw, for that deleted page, if it's been deleted, let them get back to it, just throw a 404 back to the user. – castis Oct 26 '17 at 17:13
  • your code is WIDE open for **SQL injections**, use parameterized statements! imagine someone sending a deleteid like `' or true; -- '` - *all* your items will be lost. – Franz Gleichmann Oct 26 '17 at 17:14
  • Possible duplicate: https://stackoverflow.com/questions/12381563/how-to-stop-browser-back-button-using-javascript – Ray Paseur Oct 26 '17 at 17:15
  • Also one visit to your page by google spider will wipe your database. NEVER have a delete in a href – mplungjan Oct 26 '17 at 17:20
  • Even if you stop them from using the Back button, they can still type the URL manually in the address bar. You need to deal with that and produce a useful error message. – Barmar Oct 26 '17 at 17:33
  • It seems to me that a php redirect would be better than trying to have the browser do a client-side redirect. – James Oct 26 '17 at 18:30
  • @Barmar I'm gonna convert this into a webview on Android, so they won't be able to type anything in the URL – thraxxdv Oct 27 '17 at 01:21

0 Answers
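An added example, not part of the original thread or the asker's code, combining what the comments recommend: deletion through a POST form instead of a link, a parameterized statement, a server-side redirect, and a 404 when the item no longer exists. The CSRF token goes beyond what the comments mention; the connection credentials, the `csrf` session key, the `run()` helper and the `/end/mobile/` path are assumptions.

```php
<?php
// Added example, not the asker's code. Connection details, the 'csrf'
// session key and the redirect path are placeholders.
declare(strict_types=1);
session_start();
$_SESSION['csrf'] ??= bin2hex(random_bytes(32));
$con = new mysqli('localhost', 'app_user', 'app_password', 'app_db');

// Hypothetical helper: run a one-parameter statement with the id bound as an integer.
function run(mysqli $con, string $sql, int $id): mysqli_stmt
{
    $stmt = $con->prepare($sql);
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Deletion only via POST, with a valid token and an integer id.
    $token = $_POST['csrf'] ?? '';
    $id = filter_input(INPUT_POST, 'deleteid', FILTER_VALIDATE_INT);
    if (!is_string($token) || !hash_equals($_SESSION['csrf'], $token) || !is_int($id)) {
        http_response_code(400);
        exit('Bad request');
    }
    run($con, 'DELETE FROM item WHERE id = ?', $id);
    // Server-side redirect; 303 makes the browser fetch the target with GET.
    header('Location: /end/mobile/', true, 303);
    exit;
}

// GET item.php?id=N: a missing or deleted item is a 404, not a PHP notice,
// so Back or a typed URL lands on a clean error page.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
$row = is_int($id)
    ? run($con, 'SELECT id FROM item WHERE id = ?', $id)->get_result()->fetch_assoc()
    : null;
if (!$row) {
    http_response_code(404);
    exit('Item not found');
}
?>
<form method="post">
  <input type="hidden" name="deleteid" value="<?= (int) $row['id'] ?>">
  <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf']) ?>">
  <button class="btn btn-danger operations">Delete Post</button>
</form>
```

The item URL stays in the browser history, but after deletion it returns the 404 branch instead of undefined index errors, and a crawler following links can no longer trigger a delete.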