I have a file upload website. Information about files and the files themselves are stored in a mysql database. I want to allow the users to delete their own files.
On every line I have put a delete button. My concern is which is the most secure implementation.
I am thinking of these:
- appending the fileid to the url of itself, and inserting a conditional in the page that will test for that variable and if exists, drop the row
- append the fileid to the url of delete.php, which will drop the row and then redirect to the initial page.
- something better?
arthurav
0
Light Poster
Recommended Answers
Jump to PostI guess the first one is better.
Btw, don't forget to check again UserID, so that user1 can't delete user2's files and so on ...
All 3 Replies
MindSter
1
Junior Poster in Training
I guess the first one is better.
Btw, don't forget to check again UserID, so that user1 can't delete user2's files and so on ...
arthurav
0
Light Poster
Is it possible to create a link that "posts" the value of fileId? Thank you. I do not feel comfortable with the idea of letting such an operation as a file delete be handled from the url.
Thank you.
MindSter
1
Junior Poster in Training
You've got to create a form/submit button and some hidden fields (containing text data to be sent).
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.