
So I have this deletefile function and I want it to go back to the home page after 3 seconds automatically.

```php
public function deleteFile($id)
{
    try {
        $query = "SELECT naam, bestand_path FROM bestanden ";
        $query .= "WHERE id='$id'";
        $result = $this->datahandler->readsData($query);
        $results = $result->fetchAll();

        foreach ($results as $row) {
            $filename = $row['naam'];
        }

        $file = getcwd() . "/uploads/" . $filename;
        //echo "Absolute Path To Directory is: ";
        //echo $delfile;

        ***if (unlink($file)) {
            echo $filename . ' was deleted successfully!';

            header('Location: ' . SERVER_URL . '/Home/');***
        } else {
            echo 'There was a error deleting ' . $filename;
        }

        $query = "DELETE FROM bestanden ";
        $query .= "WHERE id=$id";
        $result = $this->datahandler->deleteData($query);
    } catch (PDOException $e) {
        echo "Fout opgetreden";
    }
}
```

It's about the one with the stars around it.

Thank you

  • NB: `header('Location...` will not stop the script, it just adds the specific header to the HTTP response. The following code is executed as well. – Syscall Sep 29 '22 at 11:55
  • You could use [the refresh header](https://css-tricks.com/snippets/html/meta-refresh/): `header("Refresh:3; url=/Home/");`? Note that there should be no output before `header()`. – KIKO Software Sep 29 '22 at 11:56
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Sep 29 '22 at 11:56
  • https://phpdelusions.net/pdo also contains good examples of writing safe SQL using pdo. See also this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson Sep 29 '22 at 11:56
  • Anyway, one question on this slightly odd requirement: why do you want to slow your website and your users' experience down? – ADyson Sep 29 '22 at 11:57
  • This code is fatally flawed in a number of places, really is worth a total rethink/rewrite – RiggsFolly Sep 29 '22 at 12:02
  • ADyson because there is a message that I want them to read – Thijs Rietveld Sep 29 '22 at 12:35
  • Syscall Thanks that worked, I now have a little 3 second timer before it sends me back to my page! – Thijs Rietveld Sep 29 '22 at 12:36
  • Thanks for the advice on the code guys but honestly it's not my code. I hate this internship – Thijs Rietveld Sep 29 '22 at 12:37
  • `because there is a message that i want them to read`...this is bad UX design. What if they don't happen to be looking at the screen at that moment for some reason? Then they miss the message anyway. Anything you want to show, show it until the user actively dismisses it, or just put it somewhere on the page you're redirecting back to (so it's effectively permanent until they move away from that page). – ADyson Sep 29 '22 at 12:38
  • Also, `echo $filename . ' was deleted successfully!'; header('Location: ' . SERVER_URL . '/Home/');` should result in a "Headers already sent" warning and a failed redirect - unless you're using output buffering somewhere in this code? See https://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php for background info. – ADyson Sep 29 '22 at 12:40
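
The points raised in the comments above (parameterised queries, no output before `header()`, the Refresh header, and the script continuing after `header()`), put together as an added example that is not part of the original question or its comments. It assumes a plain PDO connection instead of the asker's `datahandler` class; `deleteFileSafely()`, `$uploadDir` and the in-memory SQLite demo data are hypothetical names and constructed values.

```php
<?php
declare(strict_types=1);

// Added example: deleteFileSafely(), $pdo and $uploadDir are hypothetical names,
// standing in for the asker's datahandler class.
function deleteFileSafely(PDO $pdo, string $uploadDir, int $id): string
{
    // The placeholder keeps $id out of the SQL text, so it cannot alter the query.
    $stmt = $pdo->prepare('SELECT naam FROM bestanden WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $naam = $stmt->fetchColumn();
    if ($naam === false) {
        return 'No file with that id.';
    }

    // basename() keeps the stored name inside the uploads directory.
    $path = $uploadDir . '/' . basename((string) $naam);
    if (!is_file($path) || !unlink($path)) {
        // The row is only removed once the file is gone.
        return 'There was an error deleting ' . $naam;
    }

    $del = $pdo->prepare('DELETE FROM bestanden WHERE id = :id');
    $del->execute([':id' => $id]);
    return $naam . ' was deleted successfully!';
}

// Constructed demo data: in-memory SQLite table and a temporary uploads directory.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bestanden (id INTEGER PRIMARY KEY, naam TEXT, bestand_path TEXT)');
$pdo->exec("INSERT INTO bestanden (id, naam) VALUES (1, 'report.txt')");
$uploadDir = sys_get_temp_dir() . '/uploads_demo';
@mkdir($uploadDir);
file_put_contents($uploadDir . '/report.txt', 'demo');

// A non-integer request value is rejected here instead of reaching SQL.
$id = filter_var($_GET['id'] ?? '1', FILTER_VALIDATE_INT);
$message = $id === false ? 'Invalid id.' : deleteFileSafely($pdo, $uploadDir, $id);

// Headers first, body second, then stop: header() does not end the script.
header('Refresh: 3; url=/Home/');
echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
exit;
```

Because the function returns the message instead of echoing it, the caller can also store it in the session and show it on the page it redirects to, as the UX comment above suggests.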
