On 6/4/06, Larry Garfield <[EMAIL PROTECTED]> wrote:
> Only if delete.php is a confirmation page. Never ever ever have a delete
> function that operates solely by GET.
> Here's why: http://thedailywtf.com/forums/thread/66166.aspx

Yes, I've seen that one before. IMO the main problem there
is the faulty authentication system. If you put delete links
public, and fail to put proper authentication in place, someone's
going to delete your content, no matter if the delete action
is a POST submit button or a GET link.
I don't see how POST is better/more secure for a delete action.
Rabin
--
PHP General Mailing List (http://www.php.net/)
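
Added example, not part of either message and not code from the linked article: one way to write delete.php as the confirmation page the quoted advice describes. A GET only renders a form; the deletion runs on POST, after the login check and a per-session token check. The token check goes beyond what the thread discusses, and `delete_item()`, `index.php` and the session keys are hypothetical names.

```php
<?php
// delete.php: added example; helper, redirect target and session keys are hypothetical.
declare(strict_types=1);
session_start();

// Assumption: a login page elsewhere sets $_SESSION['user_id'].
if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Not logged in.');
}

// Hypothetical stand-in for the application's real storage call.
function delete_item(int $id): void
{
    error_log("item $id deleted by user " . $_SESSION['user_id']);
}

$method = $_SERVER['REQUEST_METHOD'];
if (!in_array($method, ['GET', 'HEAD', 'POST'], true)) {
    header('Allow: GET, HEAD, POST', true, 405);
    exit;
}

$source = $method === 'POST' ? INPUT_POST : INPUT_GET;
$id = filter_input($source, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Missing or invalid id.');
}

if ($method === 'POST') {
    // The state change happens only here, with the token issued to this session.
    $sent = $_POST['token'] ?? '';
    $expected = $_SESSION['delete_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit('Invalid token.');
    }
    unset($_SESSION['delete_token']); // single use
    delete_item($id);
    header('Location: index.php', true, 303);
    exit;
}

// GET/HEAD: nothing is deleted, so a crawler or prefetcher following the link is harmless.
$_SESSION['delete_token'] = bin2hex(random_bytes(32));
?>
<form method="post" action="delete.php">
  <p>Delete item <?= $id ?>?</p>
  <input type="hidden" name="id" value="<?= $id ?>">
  <input type="hidden" name="token" value="<?= $_SESSION['delete_token'] ?>">
  <button type="submit">Delete</button>
</form>
```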