I have a file upload website. Information about files and the files themselves are stored in a MySQL database. I want to allow the users to delete their own files.
On every line I have put a delete button. My concern is which is the most secure implementation.
I am thinking of these:
- appending the fileid to the url of itself, and inserting a conditional in the page that will test for that variable and, if it exists, drop the row
- appending the fileid to the url of delete.php, which will drop the row and then redirect to the initial page.
- something better?
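
One possible shape for the second option, shown as an added example that is not part of the original post: the delete is a POST to delete.php, protected by a per-session CSRF token, and the row is removed only if it belongs to the logged-in user. The table `files`, its columns `id` and `owner_id`, the session keys `user_id` and `csrf_token`, the database credentials, and the redirect target `index.php` are all assumed names.

```php
<?php
// delete.php: added illustration, not the poster's code.
// Assumed names: table `files` (columns `id`, `owner_id`), session keys
// `user_id` and `csrf_token`, placeholder DB credentials, page `index.php`.
declare(strict_types=1);
session_start();

// Deleting changes state, so accept POST only. A link with the fileid in the
// URL can be followed by prefetchers, crawlers, or a tag on another site.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit;
}

// Only a logged-in user may delete anything.
if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit;
}

// The list page is assumed to put this token in a hidden field of each
// delete form; compare in constant time against the session copy.
$sent  = $_POST['csrf_token'] ?? '';
$known = $_SESSION['csrf_token'] ?? '';
if (!is_string($sent) || !is_string($known) || $known === '' || !hash_equals($known, $sent)) {
    http_response_code(403);
    exit;
}

// The file id must be an integer; null means missing, false means invalid.
$fileId = filter_input(INPUT_POST, 'fileid', FILTER_VALIDATE_INT);
if ($fileId === null || $fileId === false) {
    http_response_code(400);
    exit;
}

$pdo = new PDO('mysql:host=localhost;dbname=uploads;charset=utf8mb4',
    'app_user', 'app_password', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

// Ownership is enforced in the statement itself: a fileid that belongs to
// another user matches no row, so nothing is deleted.
$stmt = $pdo->prepare('DELETE FROM files WHERE id = :id AND owner_id = :owner');
$stmt->execute([':id' => $fileId, ':owner' => $_SESSION['user_id']]);

// Same response for "no such file" and "not your file", then back to the list.
http_response_code($stmt->rowCount() === 1 ? 303 : 404);
if ($stmt->rowCount() === 1) { header('Location: index.php'); }
exit;
```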