I have a file upload website. Information about files and the files themselves are stored in a MySQL database. I want to allow the users to delete their own files.
On every line I have put a delete button. My concern is which is the most secure implementation.
I am thinking of these:
- appending the fileid to the URL of the page itself, and inserting a conditional in the page that will test for that variable and, if it exists, drop the row
- appending the fileid to the URL of delete.php, which will drop the row and then redirect to the initial page.
- something better?

I guess the first one is better.
Btw, don't forget to check the UserID again, so that user1 can't delete user2's files and so on ...

Is it possible to create a link that "posts" the value of fileId? Thank you. I do not feel comfortable with the idea of letting such an operation as a file delete be handled from the url.
Thank you.

You've got to create a form/submit button and some hidden fields (containing text data to be sent).
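
The form-with-hidden-fields approach from the reply above, combined with the UserID check mentioned earlier in the thread, as an added example that is not part of the original posts. The table and column names (`files`, `id`, `user_id`), the session keys and the per-session token are assumptions, and an in-memory SQLite database stands in for the MySQL one so the script runs from the PHP command line.

```php
<?php
declare(strict_types=1);
// Added example. Names (files, id, user_id, session keys) are assumptions;
// SQLite in memory stands in for the MySQL database described in the thread.

// Delete a row only if it belongs to this user: the owner test sits in the WHERE clause.
function deleteOwnFile(PDO $db, int $userId, int $fileId): bool
{
    $stmt = $db->prepare('DELETE FROM files WHERE id = :id AND user_id = :uid');
    $stmt->execute([':id' => $fileId, ':uid' => $userId]);
    return $stmt->rowCount() === 1;
}

// One small form per table row: the delete button posts the file id in a hidden field.
function deleteForm(int $fileId, string $token): string
{
    return '<form method="post" action="delete.php">'
         . '<input type="hidden" name="fileid" value="' . $fileId . '">'
         . '<input type="hidden" name="token" value="' . htmlspecialchars($token, ENT_QUOTES) . '">'
         . '<button type="submit">Delete</button></form>' . "\n";
}

// Logic for delete.php; returns the HTTP status the page should answer with.
function handleDelete(PDO $db, array $session, string $method, array $post): int
{
    if ($method !== 'POST') return 405;            // a plain link (GET) never deletes
    $token = $post['token'] ?? '';
    if (!isset($session['user_id'], $session['csrf']) || !is_string($token)
        || !hash_equals($session['csrf'], $token)) return 403;
    $fileId = filter_var($post['fileid'] ?? null, FILTER_VALIDATE_INT);
    if ($fileId === false) return 400;
    // On 303 the real page would send a Location header back to the file list.
    return deleteOwnFile($db, (int) $session['user_id'], $fileId) ? 303 : 404;
}

// Constructed sample data: file 1 belongs to user 1, file 2 to user 2.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, user_id INTEGER, name TEXT)');
$db->exec("INSERT INTO files VALUES (1, 1, 'a.txt'), (2, 2, 'b.txt')");
$session = ['user_id' => 1, 'csrf' => bin2hex(random_bytes(16))];
$ok = ['fileid' => '1', 'token' => $session['csrf']];
echo deleteForm(1, $session['csrf']);
echo handleDelete($db, $session, 'GET', $ok), "\n";                      // request made through a URL
echo handleDelete($db, $session, 'POST', ['fileid' => '2'] + $ok), "\n"; // user 1 asks for user 2's file
echo handleDelete($db, $session, 'POST', $ok), "\n";                     // user 1 deletes their own file
```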