This question already has an answer here:
I have a webpage where I list all my database data. I have a DELETE link in front of each record. When a user click that DELETE link, it redirect user to a page called delete.php and in this page I run the delete query. My process is
Index.php
<a href="delete.php?action=delete&id=<?php echo $ID; ?>">DELETE</a>
delete.php
if (isset($_REQUEST["action"]))
if ($_REQUEST["action"] == "delete") {
$id= $_GET['id'];
$del_query = mysql_query("DELETE FROM TABLE WHERE id= '$id'");
}
Can anyone tell me any secure method of deleting data because this process is not secure and user can directly type this in the URL delete.php?action=delete&id=3 which will delete that record.
</div>
You will need a post method which can't be given directly (by typing the url)
instead this use form
<a href="delete.php?action=delete&id=<?php echo $ID; ?>">DELETE</a>
<form method="post" action="delete.php?action=delete">
id: <input type="text" name="id"/> <input type="submit"/>
</form>
in delete.php you will need $id=$_POST['id']
for more security concern, you will need some type of CAPTCHA technique