Good day, everyone.

A regular page with a normal link whose address looks like *.php?n=180. It leads to a page that picks up the variable (via the GET method) and removes the specific entry from the desired table. Of course, if you type *.php?n=number into the address bar, the deletion also works.

Tell me how to properly organize the deletion of a record, so that it cannot be deleted by simply typing the address into the browser's address bar.

  • Send it using the POST method! Accordingly, check for a POST request. - Palmervan
  • No Authorization and access rights! - Artem
  • The POST method is no problem, but what does that mean: build a form, just like that? - sergey

1 answer

  1. Check that the page performs the deletion only if the person is authorized.

  2. As protection against accidental triggering, the link is usually made in the form del.php?n=1&rand=123456, where rand is regenerated on each access (and, most importantly, on the deletion itself) and written to the session on the server side. Then check that what was sent matches what is in the session.

  3. And at worst, make an intermediate page with the scary question "Really delete?". The "YES" link is built using the method described in item 2 (with a random key).
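
The three items above, combined with the POST suggestion from the comments, as an added example that is not code from the answer or the asker's site. The session fields `user_id` and `can_delete`, the table `entries`, and the database file `app.db` are assumptions.

```php
<?php
declare(strict_types=1);
// del.php: added example. Assumed names: $_SESSION['user_id'] and
// $_SESSION['can_delete'] set at login, table `entries`, database file app.db.
session_start();

function fail(int $code, string $msg): void {
    http_response_code($code);
    exit($msg);
}

// Item 2: a fresh random key per confirmation page, stored server-side and tied to one id.
function issue_key(int $id): string {
    $_SESSION['del'] = ['id' => $id, 'key' => bin2hex(random_bytes(32))];
    return $_SESSION['del']['key'];
}

// The key is single-use: it is discarded whether or not the comparison succeeds.
function consume_key(int $id, string $sent): bool {
    $saved = $_SESSION['del'] ?? null;
    unset($_SESSION['del']);
    return is_array($saved) && $saved['id'] === $id && hash_equals($saved['key'], $sent);
}

// Item 1: only a logged-in user holding the delete right gets any further.
if (empty($_SESSION['user_id']) || empty($_SESSION['can_delete'])) {
    fail(403, 'Forbidden');
}
$id = filter_input(INPUT_GET, 'n', FILTER_VALIDATE_INT);
if (!is_int($id)) {
    fail(400, 'Bad id');
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // Item 3: a GET (typed URL, prefetch, crawler) only shows the question.
    $key = issue_key($id); // hex digits only, safe inside the attribute
    echo '<form method="post" action="del.php?n=' . $id . '">'
       . '<p>Delete entry ' . $id . '?</p>'
       . '<input type="hidden" name="rand" value="' . $key . '">'
       . '<button type="submit">YES</button></form>';
    exit;
}

// POST: delete only if the submitted key matches the one kept in the session.
$sent = $_POST['rand'] ?? '';
if (!is_string($sent) || !consume_key($id, $sent)) {
    fail(403, 'Invalid or expired key');
}
$pdo = new PDO('sqlite:' . __DIR__ . '/app.db');
$stmt = $pdo->prepare('DELETE FROM entries WHERE id = :id');
$stmt->execute([':id' => $id]);
echo 'Deleted';
```

Because the key travels in the POST body rather than in the link, it does not end up in browser history, server access logs, or Referer headers.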