On Mon, Jun 1, 2009 at 12:32 PM, Matthew McKay <m...@mattmckay.org> wrote: > It would be much simpler and cleaner to use Javascript to modify the form's > action attribute onClick. >
Not really. What about clients who don't have Javascript installed? What about users who want to either do something nefarious or just to see what happens, - exposing your "Delete my record"-specific PHP code could potentially cause security holes. The less of your internal interface/structure you expose to the end user, the less easy it is for the casual script kiddies to find the security holes that you have (and yes, everyone has them... ;) ) -James -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
