0

This is the function I use to upload the image for a user's task:

if (isset($_POST["button"])) {
    $naziv = trim($_POST["naziv"]);
    $kategorija = trim($_POST["kategorija"]);
    $opis = trim($_POST["opis"]);

    $ime = time()."_".$_FILES["slika"]["name"];
    $target = "../slike/".$ime;
    
    Zadatak::dodaj($naziv, $korisnik, $kategorija, $opis, $ime, $konekcija)) {
}

This works fine, I see the changes in the database.

This is the code that calls the function to delete and unlink the image:

<?php
require "../konekcija/konekcija.php";
require "../modeli/zadatak.php";

$zadatak = trim($_GET["zadatak"]);

$podaci = Zadatak::vratiPodatke($zadatak, $konekcija);

?>

[...]

<h4>Slika</h4>
<button onclick="obrisi();">Obrisi</button>

[...]

<script src="https://code.jquery.com/jquery-3.4.1.min.js"></script>

<script>
    function obrisi() {
        let zadatak = <?=$podaci->zadatakID?>;
        let slika = "../slike/'<?=$podaci->slika?>'";
        $.ajax({
                url: '../funkcije/obrisiSliku.php',
                data: {
                    zadatak: zadatak,
                    slika: slika
                },
                success: function (data) {
                }
            });
    }
</script>

This is obrisiSliku.php:

<?php
require "../konekcija/konekcija.php";
require "../modeli/zadatak.php";

$zadatak = trim($_GET["zadatak"]);
$slika = trim($GET["slika"]);

Zadatak::obrisiSliku($zadatak, $konekcija);
unlink($slika);
?>

I set the image as NULL in the image field and it stops displaying it for the task on the page, but the unlink function doesn't seem to be working. Any ideas on what the issue could be?

Edit:

This is the error log I get:

[21-Apr-2023 00:26:43 Europe/Berlin] PHP Notice:  Undefined variable: GET in /Applications/XAMPP/xamppfiles/htdocs/taskmanager/funkcije/obrisiSliku.php on line 6
[21-Apr-2023 00:26:43 Europe/Berlin] PHP Notice:  Trying to access array offset on value of type null in /Applications/XAMPP/xamppfiles/htdocs/taskmanager/funkcije/obrisiSliku.php on line 6
[21-Apr-2023 00:26:43 Europe/Berlin] PHP Warning:  unlink(): No such file or directory in /Applications/XAMPP/xamppfiles/htdocs/taskmanager/funkcije/obrisiSliku.php on line 9
Mihailo Mitrović
  • 91
  • 6
  • The files are in the `../slike` directory, so it should be `unlink("../slike/$slika")` – Barmar Apr 20 '23 at 22:09
  • I should write that with the value I'm passing? (`let slika = "../slike/'=$podaci->slika?>'";`). – Mihailo Mitrović Apr 20 '23 at 22:11
  • Oh, I didn't see that you already have that in the JavaScript. – Barmar Apr 20 '23 at 22:12
  • Check your PHP error log to see if there are any warnings from the unlink call. – Barmar Apr 20 '23 at 22:12
  • How would I go about doing that? I'm trying to learn and I know it might sound like a very simple and dumb question – Mihailo Mitrović Apr 20 '23 at 22:14
  • How do you normally debug your code without knowing how to view errors? https://stackoverflow.com/questions/5127838/where-does-php-store-the-error-log-php-5-apache-fastcgi-and-cpanel – Barmar Apr 20 '23 at 22:19
  • I figured it out. This is what I'm getting - PHP Warning: unlink(): No such file or directory in /Applications/XAMPP/xamppfiles/htdocs/taskmanager/funkcije/obrisiSliku.php on line 8 – Mihailo Mitrović Apr 20 '23 at 22:21
  • That indicates that `$slika` is empty. – Barmar Apr 20 '23 at 22:22
  • Apparently `$podaci` doesn't contain what you expect. You'll need to debug that part. – Barmar Apr 20 '23 at 22:23
  • @Barmar I updated the post with the entire error log, what should I try? Thank you so much for helping me out – Mihailo Mitrović Apr 20 '23 at 22:28
  • Typo: `$GET` should be `$_GET` – Barmar Apr 20 '23 at 22:29
  • `https://your-site.com/obrisiSliku.php?slika=/path/to/any/file/i/want/deleted.oops` – Sammitch Apr 20 '23 at 22:48
  • If you just do `unlink(some_GET_parameter);`, then this can be used to delete _any_ file within your webspace that the web server/PHP has write access to. Can't tell from the code above if you are at least checking for a logged-in user before doing this, but in all likelihood, this is in _desperate_ need of improvement regarding security. – CBroe Apr 21 '23 at 06:39

0 Answers0