I have a file upload website. Information about files and the files themselves are stored in a mysql database. I want to allow the users to delete their own files.
On every line I have put a delete button. My concern is which is the most secure implementation.
I am thinking of these:
- appending the fileid to the url of itself, and inserting a conditional in the page that will test for that variable and if exists, drop the row
- append the fileid to the url of delete.php, which will drop the row and then redirect to the initial page.
- something better?
arthurav 0 Light Poster
MindSter 1 Junior Poster in Training
I guess the first one is better.
Btw, don't forget to check again UserID, so that user1 can't delete user2's files and so on ...
arthurav 0 Light Poster
Is it possible to create a link that "posts" the value of fileId? Thank you. I do not feel comfortable with the idea of letting such an operation as a file delete be handled from the url.
Thank you.
MindSter 1 Junior Poster in Training
You've got to create a form/submit button and some hidden fields (containing text data to be sent).
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.