
I cannot see any success message in the browser when I click the delete button. And again, I notice that once I comment out the unset function

unset($_SESSION['message']);

unset($_SESSION['msg_type']);

that message will display in the browser, but the issue is that the message will still be on even when I refresh my page. Please, what could be the issue now?

My code:

if(isset($_GET['delete'])){
    $id = $_GET['delete'];
    $db->query("DELETE FROM music WHERE id=$id") or die($db->error());

    $_SESSION['message'] = "Record has been deleted!";
    $_SESSION['msg_type'] = "danger";

    header("location: music.php");
}

//display message
<?php
    session_start();
    if(isset($_SESSION['message'])): ?>

    <div class="alert alert-<?=$_SESSION['msg_type']?>">

    <?php
        echo $_SESSION['message'];

        unset($_SESSION['message']);
        unset($_SESSION['msg_type']);
    ?> </div>
    <?php endif ?>
KUMAR
Chris Sigo

2 Answers


Did you start the session? Add session_start(); if you haven't already, at the top of your file.

Your code is prone to SQL injection, and you are not filtering or validating the incoming data. If you are expecting a numeric value here, for example 5, why don't you filter it or typecast it to int to be sure that it is a value you actually want? What if it is some dangerous SQL instead of a numeric value?

$id = (int) $_GET['delete'];   // the question reads the id from the 'delete' parameter
OR
$id = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT);

Typecasting or filtering will turn any non-numeric value to 0.

 $db->query("DELETE FROM music WHERE id=$id")

You should never put values in your SQL like that. How to prevent SQL injection?

Gazmend Sahiti

Please try changing your code to

<?php
session_start();   // start the session before anything reads or writes $_SESSION

if(isset($_GET['delete'])){
    $id = (int) $_GET['delete'];   // cast to int so only a number reaches the query
    $db->query("DELETE FROM music WHERE id=$id") or die($db->error());

    $_SESSION['message'] = "Record has been deleted!";
    $_SESSION['msg_type'] = "danger";

    header("location: music.php");
    exit;   // stop the script so the page below is not rendered after the redirect
}
?>

<?php if(isset($_SESSION['message'])) { ?>

<div class="alert alert-<?php echo $_SESSION['msg_type']; ?>">

<?php
    echo $_SESSION['message'];

    unset($_SESSION['message']);
    unset($_SESSION['msg_type']);
?>
</div>

<?php } ?>

On the other hand, make sure that $id will only be available to the authenticated user; otherwise someone can delete other users' data.

Ken Lee
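Putting the two answers together, here is an added example (not code from the question or from either answer) of the same delete-and-flash-message page: session_start() runs before any $_SESSION access, the id is validated as an integer and bound in a prepared statement instead of being interpolated into the SQL, a row is only deleted when it belongs to the logged-in user, and the redirect is followed by exit so the flash message is read and cleared on the next request only. It assumes that $db is a mysqli connection, that the music table has an owner_id column, and that the user's id is held in $_SESSION['user_id']; all three are assumptions, not taken from the page.

```php
<?php
// music.php: added example, not the asker's or the answerers' code. Assumed: $db is
// an open mysqli connection, music has an owner_id column, user id is in $_SESSION['user_id'].
session_start();   // before any read or write of $_SESSION, including the delete branch

// Store a one-shot ("flash") message for the next request.
function set_flash(string $message, string $type): void
{
    $_SESSION['message']  = $message;
    $_SESSION['msg_type'] = $type;
}

// Read the flash message once and clear it, so a page refresh does not show it again.
function take_flash(): ?array
{
    if (!isset($_SESSION['message'])) {
        return null;
    }
    $flash = ['message' => $_SESSION['message'], 'type' => $_SESSION['msg_type'] ?? 'info'];
    unset($_SESSION['message'], $_SESSION['msg_type']);
    return $flash;
}

if (isset($_GET['delete'])) {
    // Validate rather than sanitize: anything that is not an integer becomes false.
    $id     = filter_var($_GET['delete'], FILTER_VALIDATE_INT);
    $userId = $_SESSION['user_id'] ?? null;
    if ($id === false || $userId === null) {
        set_flash('Invalid request.', 'danger');
    } else {
        // Bound parameters: the id never becomes part of the SQL text, and the
        // owner_id condition keeps a user from deleting someone else's rows.
        $stmt = $db->prepare('DELETE FROM music WHERE id = ? AND owner_id = ?');
        $stmt->bind_param('ii', $id, $userId);
        $stmt->execute();
        $deleted = ($stmt->affected_rows === 1);
        set_flash($deleted ? 'Record has been deleted!' : 'Nothing was deleted.',
                  $deleted ? 'success' : 'danger');
    }
    header('Location: music.php');
    exit;   // without this the rest of the page still runs after the redirect header
}
$flash = take_flash();
?>
<?php if ($flash !== null): ?>
<div class="alert alert-<?= htmlspecialchars($flash['type'], ENT_QUOTES, 'UTF-8') ?>">
    <?= htmlspecialchars($flash['message'], ENT_QUOTES, 'UTF-8') ?>
</div>
<?php endif ?>
```

The message is escaped with htmlspecialchars before output so that whatever ends up in the session cannot be rendered as markup.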