Why When i deleted image from database not deleted also from server folder?

Question

The problem is that the deletion is done only from the database and not from the server folder also. Is there an error with my code?

This deleteIMG.php

<?php
include('dbh.inc.php');
if (isset($_POST['submit4'])) {



    //DELETE FILE
    $del_img=$_GET['name'];
    $queryy = "DELETE FROM table1 WHERE name='$del_img'";
    $result = mysqli_query($conn, $queryy);

    if ($result) {
        ?> <script> alert('This image has been deleted.'); window.location ="/pages/pictures.php"; </script>
        <?php 
        unlink("/pages/uploads/$del_img");
    } else {
        ?>
        <script> alert('This image not yet deleted.'); window.location ="/pages/pictures.php"; </script>
        <?php
    }
}   




?>

JS is executed after PHP is done, so that doesn't really make sense — Qirel, Aug 23 '18 at 19:23
@Qirel It's interesting how one incorrect comment can trigger two identically incorrect answers... — MonkeyZeus, Aug 23 '18 at 19:26
I would advise aganst using $_GET data inside an unlink function ... a user could ../../ and delete your website ... In any case, comment out the page change and see if you have an error when the unlink is used. — Patrick Simard, Aug 23 '18 at 19:28
**WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. — tadman, Aug 23 '18 at 19:35
Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is an artifact from the PHP 4 era when `mysqli` API was introduced and should not be used in new code. — tadman, Aug 23 '18 at 19:36
Don't use `alert()`, it's extremely annoying for people. Don't use `window.location` to redirect, instead set the [`Location:` header](https://stackoverflow.com/questions/768431/how-to-make-a-redirect-in-php). Always check the result of functions like `unlink` before rendering "success" messages of any kind. Always check your error logs on the server to see if anything malfunctioned. — tadman, Aug 23 '18 at 19:37

MonkeyZeus · Answer 1 · 2018-08-23T20:05:29.363

1

Update

The ultimate answer was to change unlink("/pages/uploads/$del_img"); into unlink("pages/uploads/$del_img"); because the absolute path is wrong.

If my original answer was actually read and followed then this debacle could have been avoided.

Per the docs for unlink():

Deletes filename. Similar to the Unix C unlink() function. An E_WARNING level error will be generated on failure.

So unlink("/pages/uploads/$del_img"); is probably producing an error but your Javascript redirect happens before you get a chance to see the error in your browser.

You need to check your PHP logs for errors or temporarily stop redirecting while you debug your code.

Additionally, make sure you have set error_reporting( E_ALL );.

edited Aug 23 '18 at 20:05

answered Aug 23 '18 at 19:28

MonkeyZeus

20,375
4
36
77

The deletion is successful and a message appears to me that the deletion has been successful. The problem is that the deletion is not done to the server folder. – airex Aug 23 '18 at 19:37
@airex Yes, correct. Stop redirecting for a minute and check for errors generated by `unlink()` since it is clearly failing to remove the file from the server folder but you are redirecting before you can ever see an error on your screen. – MonkeyZeus Aug 23 '18 at 19:40
Really not sure why the downvotes are coming in. Can anyone tell me what is incorrect about this answer? – MonkeyZeus Aug 23 '18 at 19:46
Follow photos in order ..https://prnt.sc/km65pt /// https://prnt.sc/km65wd /// https://prnt.sc/km64i4 /// https://prnt.sc/km6680 /// http://prntscr.com/km67pf – airex Aug 23 '18 at 19:57
@airex I get it but you are not listening. `unlink()` is producing an error which you are not seeing. Anyways, your screenshot reveals that your path is wrong; change `unlink("/pages/uploads/$del_img");` into `unlink("pages/uploads/$del_img");` since you are deleting an image relative to your PHP file's location. – MonkeyZeus Aug 23 '18 at 20:03
@airex If you're the one that downvoted me then feel free to upvote instead because I've edited my answer. – MonkeyZeus Aug 23 '18 at 20:05
In my opinion, the operations related to deleting rows should at least be contained inside a transaction, just in case something like this happens, the file won't ever be looked at, and if the row can be deleted but the file cannot, that should call for an exception, not just delete the row leaving the orphan file behind. – Rafael Aug 23 '18 at 20:09
@MonkeyZeus I've changed the path as you told me and the problem is going on and I apologize to you if I downvoted you – airex Aug 23 '18 at 20:13
@airex, did you check if in the server, php has the necessary permissions to delete the file? – Rafael Aug 23 '18 at 20:25
@rafael how i can check that ? -_- – airex Aug 23 '18 at 20:45
Using `$ ls -la` in the folder where the files are...? – Rafael Aug 23 '18 at 20:46
files are in folder "pages" and Permissions of this folder 755 – airex Aug 23 '18 at 20:58
Great. And on your server the www-data is the owner of the file? I didn't get notified of your answer. Would have come earlier. – Rafael Aug 23 '18 at 23:35

score -2 · Answer 2 · answered Aug 23 '18 at 19:48

-2

You are executing the javascript window.location before you execute the PHP unlink command. Just reorganize your code so that it looks like this :

if ($result) {
        unlink("/pages/uploads/$del_img");
        ?> 
<script> 
   alert('This image has been deleted.'); window.location ="/pages/pictures.php"; </script>
        <?php 
    } else {
        ?>
        <script> alert('This image not yet deleted.'); window.location ="/pages/pictures.php"; </script>
        <?php
    }?>

answered Aug 23 '18 at 19:48

Jim_M

273
1
2
10

1

Just wanted to let you know that with PHP all of the code finishes processing on the server and then the HTML/Javascript is sent to the browser. So before the browser is even instructed to redirect, `unlink()` was already executed. – MonkeyZeus Aug 23 '18 at 19:57

Why When i deleted image from database not deleted also from server folder?

2 Answers2