Angelos wrote:
Is there any way of sending a few variables through $_POST instead of
$_GET without FORMS ?
OR any way that sensitive details will not appear in the URL ?
Because I suppose if I want to delete a record from the database and
I pass the records _id through _GET i might have some problems with people
deleting records....
Either way (GET or POST), that's a sure-fire way of getting your site
and database getting fucked over by hackers. If someone wants to break
your site, it's just as easy to do with POST as with GET.
In your script, you must check whether the user is authorised to
perform delete operations. That way, it doesn't matter whether you use
GET or POST.
*ALWAYS* validate user input!!
--
Oli