I can't delete a directory in PHP when passing in a concatenated string?

Question

I am using the deleteFiles() function in my PHP program to delete directories. It only works when I pass in explicitly defined strings but not when I pass in a string concatenated with variables.

This doesn't work:

// Checks if the user hit the delete button
if(isset($_POST['delete'])){

    $targetDir = "uploads/$id/"; ### This does not work when I pass it in

    deleteFiles($targetDir);

    // Get the id to delete
    $idToDelete = mysqli_real_escape_string($conn, $_POST['idToDelete']);

    // Create sql
    $sql = "DELETE FROM student_data WHERE id = $idToDelete";

    // Redirects user to the homepage if the query is successful
    if(mysqli_query($conn, $sql)){
        header('Location: index.php');
    } else {
        echo 'query error: '. mysqli_error($conn);
    }
}

function deleteFiles($target) {
        $files = glob($target . "/*"); // get all file names
        foreach($files as $file){ // iterate files
            if(is_file($file)) {
                unlink($file); // delete file
            }
        }

        rmdir($target);
}

This does work:

// Checks if the user hit the delete button
if(isset($_POST['delete'])){

    $targetDir = "uploads/82/"; ### If I pass in this it works

    deleteFiles($targetDir);

    // Get the id to delete
    $idToDelete = mysqli_real_escape_string($conn, $_POST['idToDelete']);

    // Create sql
    $sql = "DELETE FROM student_data WHERE id = $idToDelete";

    // Redirects user to the homepage if the query is successful
    if(mysqli_query($conn, $sql)){
        header('Location: index.php');
    } else {
        echo 'query error: '. mysqli_error($conn);
    }
}

function deleteFiles($target) {
        $files = glob($target . "/*"); // get all file names
        foreach($files as $file){ // iterate files
            if(is_file($file)) {
                unlink($file); // delete file
            }
        }

        rmdir($target);
}

I tried comparing the 2 strings using the === operator and it returns 1. No idea why this is happening.

Actually `$targetDir` has a slash on end which means its *not* a directory or "folder" but a path to some files and folders., `"uploads/$id/"`. Remove the trailing slash and it should work. .... Please no one post an answer on this exact solution. I digress however. — GetSet, Mar 14 '20 at 21:59
Side note: no need to copy entire code again just to state that a hardcoded value works. Simply stating that would suffice. — El_Vanja, Mar 14 '20 at 22:13
`It doesn't work` is not only non-specific, its also not programmer-like. You have to be *very* specific in what doesn't work @Matthew — GetSet, Mar 14 '20 at 22:16
You're also wide open to [SQL injection](https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work). You should use [prepared statements](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. — El_Vanja, Mar 14 '20 at 22:16
@Matthew your `deleteFiles()` function is redundant and possibly ineffective. All you need to do is use built-in PHP function `unlink()` on the target dir without the trailing slash — GetSet, Mar 14 '20 at 22:21
I used unlink() on the $targetDir (the one with the embedded variable) but the specified directory is still not deleted. The hardcoded version of $targetDir deleted the file though. — Matthew, Mar 14 '20 at 22:28
@Matthew I dont know if u are reading comments but `if` you have a trailing slash on the unlinked folder then in your words `it will not work`. — GetSet, Mar 14 '20 at 22:29
@Matthew open a new thread on problems unrelated please. Or at least try to give credit on things that work thru comments. SO is not a code writing service. Are you thinking i or anyone should jump to your next problem in your solution? — GetSet, Mar 14 '20 at 22:33
I initialized the variable like this: ' $targetDir = "uploads/$id"; ' The directory does not get deleted. — Matthew, Mar 14 '20 at 22:33
@Matthew does `uploads` even exist at program start? Which directory doesn't get deleted, the one at `$id`? What example are you using at the least, can you provide a link? `unlink()` is built-in PHP function and yes it *works*. — GetSet, Mar 14 '20 at 22:34
uploads does exist at the beginning of the program (https://imgur.com/a/7tn1dz3). For example, if I was trying to delete the user with the $id of 58. the directory "uploads/58" would not get deleted with my current implementation. Thanks for your help. — Matthew, Mar 14 '20 at 22:43

I can't delete a directory in PHP when passing in a concatenated string?

0 Answers0