What is the safest way to delete data from MySQL? (PHP / MySQL)

I want to allow users, as well as me (the administrator), to delete data in MySQL. I used to have a remove.php file that would take everything that needed to be removed from $_GET, for example remove.php?action=post&posting_id=2. But I found out that anyone can just abuse it and delete all my data.

So, what is the safest way for users and me to delete information without getting all crazy and hard? I'm just a newbie :) I'm not sure if I can use POST because there are no forms and the data is not changing. Are sessions good? Or will there be too many posts, user information, comments, etc.?

Example: James wants to delete one of his posts (this is posting_id = 5). So he clicks the remove link and it takes him to remove.php?action=post&posting_id=5.

EDIT: Okay, now I'm a little confused. Although I cannot be 100% safe, how can I do this with $_POST? So I have to use GET to get all the data on remove.php, then have a confirmation button, and when users click on it, it puts all the data in POST and removes it from dbc?

+3
3 answers

gurun8, "" , . , , , , , .

, $_GET - .

, Amazon GET. , , URL-, , Amazon, .

, Jame, :

<img src='http://example.com/remove.php?action=post&posting_id=5'>

, , . , , " ".

, , , GET. , POST.

+2

- . - , . .

"" (, Boolean), , "" . , , , "" . , where active = 1.

script, , . .

. , .

+6

, script.

, , , remove.php, .htaccess .

, , , script PHP.

, , PHP, ( session_register(), mysql_real_escape_string(), htmlspecialchars() ..), !

, , session_register() $_SESSION, register_globals ( PHP5).

0

Source: https://habr.com/ru/post/1744646/

