I have a file upload website. Information about files and the files themselves are stored in a MySQL database. I want to allow the users to delete their own files.
On every line I have put a delete button. My concern is which is the most secure implementation.
I am thinking of these:
- appending the fileid to the URL of the page itself, and inserting a conditional in the page that will test for that variable and, if it exists, drop the row
- appending the fileid to the URL of delete.php, which will drop the row and then redirect to the initial page.
- something better?


I guess the first one is better.
Btw, don't forget to check the UserID again, so that user1 can't delete user2's files and so on...


Is it possible to create a link that "posts" the value of fileId? Thank you. I do not feel comfortable with the idea of letting such an operation as a file delete be handled from the URL.
Thank you.



You've got to create a form/submit button and some hidden fields (containing text data to be sent).
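
The approach the replies arrive at (a POST form with hidden fields, plus the UserID check), as an added example that is not part of the thread. The table and column names, the session keys and the CSRF token field are assumptions, and an in-memory SQLite database with constructed rows stands in for MySQL so the script runs stand-alone.

```php
<?php
// Added example: files.id / files.user_id, the session keys and the
// "csrf" field are assumed names, not taken from the thread.

/** Delete a file row only if it belongs to $userId; true if a row was removed. */
function delete_user_file(PDO $db, int $userId, $rawFileId): bool
{
    // Accept only a positive integer id; anything else is rejected outright.
    $fileId = filter_var($rawFileId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($fileId === false) return false;
    // Ownership is part of the WHERE clause, so user1 cannot delete user2's file.
    $stmt = $db->prepare('DELETE FROM files WHERE id = :id AND user_id = :uid');
    $stmt->execute([':id' => $fileId, ':uid' => $userId]);
    return $stmt->rowCount() === 1;
}

/** Handle one request; $session and $post stand in for $_SESSION and $_POST. */
function handle_delete(PDO $db, string $method, array $session, array $post): int
{
    if ($method !== 'POST') return 405;              // never delete on GET
    if (!isset($session['user_id'])) return 401;     // must be logged in
    $known = $session['csrf'] ?? '';
    $token = $post['csrf'] ?? '';
    if ($known === '' || !is_string($token) || !hash_equals($known, $token)) return 403;
    // 303 = redirect back to the file list; 404 = no such file for this user.
    return delete_user_file($db, (int)$session['user_id'], $post['fileid'] ?? null) ? 303 : 404;
}

/** The delete button for one table row: a small POST form with hidden fields. */
function delete_button(int $fileId, string $csrf): string
{
    return '<form method="post" action="delete.php">'
         . '<input type="hidden" name="fileid" value="' . $fileId . '">'
         . '<input type="hidden" name="csrf" value="' . htmlspecialchars($csrf, ENT_QUOTES) . '">'
         . '<button type="submit">Delete</button></form>';
}

// Constructed demo data (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, user_id INTEGER, name TEXT)');
$db->exec("INSERT INTO files VALUES (1, 1, 'a.txt'), (2, 2, 'b.txt')");
$session = ['user_id' => 1, 'csrf' => bin2hex(random_bytes(16))];
$form = ['csrf' => $session['csrf']];

echo delete_button(1, $session['csrf']), "\n";
var_dump(handle_delete($db, 'GET',  $session, $form + ['fileid' => '1'])); // GET request
var_dump(handle_delete($db, 'POST', $session, $form + ['fileid' => '2'])); // another user's file
var_dump(handle_delete($db, 'POST', $session, $form + ['fileid' => '1'])); // the user's own file
```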
