-1

So I want to make a website where when you delete a post it will show an alert msg that the post has been deleted successfully but the problem is that when I am reloading the alert is still there

Can't figure any fix for the issue if I try to use header('location: ./wb_submission.php'); the echo will not load

code I am trying ->

    if (isset($_GET['delete'])) {
        $sno = $_GET['delete'];
        $sql = "DELETE FROM `website_submit` WHERE `sno` = $sno";
        $result = mysqli_query($conn, $sql);
        echo '<div class="alert alert-danger" role="alert">
        The submission was deleted successfully!
      </div>';
    }
Jivesh Kalra
  • 13
  • 3
  • Do you redirect user agent to `./wb_submission.php` which contains the code that deletes the record? – Jared Apr 15 '22 at 07:26
  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Apr 15 '22 at 10:14
  • 1
    Never use `$_GET` to delete stuff. Any crawler will delete all your data. – Dharman Apr 15 '22 at 10:15
  • what can I do then? – Jivesh Kalra Apr 15 '22 at 10:22
  • Only ppl who are authorized can access the site – Jivesh Kalra Apr 15 '22 at 10:27

1 Answers1

0

You should remove delete parameter from URL after page loaded. You can do it with js:

window.history.replaceState({}, '', location.href.replace(location.search, ""));

How it works

  1. this method modifies the current URL without putting this into history
window.history.replaceState
  1. First parameter: {}

The state object is a JavaScript object which is associated with the history entry passed to the replaceState method. The state object can be null.

  1. Second parameter: ''

This parameter exists for historical reasons, and cannot be omitted; passing the empty string is traditional, and safe against future changes to the method.

  1. Third parameter (new URL): first part (location.href) is complete URL value, like:
    http://example.com/page.php?delete=10
    then it will replace search parameters with empty string:
.replace(location.search, "")

location.search is everything after ? in URL (in this case: ?delete=10)

History.replaceState()

Edit

If you have multiple parameters in your URL and you want to remove only delete parameter try this code:

// Create new URLSearchParams object
// location.search is something like "?delete=10&msg=hello&ok=true"
let params = new URLSearchParams(location.search);

// Remove delete parameter from URL parameters
params.delete("delete");

// Convert parameters to string
// e.g "msg=hello&ok=true"
let urlParams = params.toString();

// if urlParams is not empty add a question mark before it:
urlParams = urlParams.length > 0 ? "?" + urlParams : "";

// Replace new parameters
window.history.replaceState({}, '', urlParams);
HOSSEIN B
  • 301
  • 2
  • 7