Passing parameters in URL

Bruno Desthuilliers bruno.42.desthuilliers at websiteburo.invalid
Thu Feb 4 05:47:45 EST 2010


Diez B. Roggisch wrote:
> On 03.02.10 19:11, John Bokma wrote:
>> Alan Harris-Reid <alan at baselinedata.co.uk> writes:
>>
>>> I have a web-page where each row in a grid has edit/delete buttons to
>>> enable the user to maintain a selected record on another page.  The
>>> buttons are in the form of a link with href='/item_edit?id=123', but
>>> this string appears in the URL and gives clues as to how to bypass the
>>> correct sequence of events, and could be risky if they entered the URL
>>> directly (especially when it comes to deleting records).
>>
>> You should *never* use a GET request to do actions like deleting
>> records. You already are aware of it being risky, so don't do this. You
>> should use GET for getting information, and POST for modifying 
>> information.
> 
> You should *never* say never, because there might be situations where 
> exceptions from rules are valid. This is one such case.

Oh yes?

> Making this a 
> post means that you need to resort to javascript to populate & submit a 
> hidden HTML-form. 

I beg your pardon???? This is total nonsense. Hopefully you don't need 
any js to emit a post request from a browser! The only thing you need 
to do is to use a form and submit input instead.
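
Added example, not part of the original post or thread: a minimal WSGI app in which the grid's edit link stays a GET while delete is a plain HTML form with a submit input, and the delete handler answers 405 to anything but POST. The ITEMS data, the /item_delete path and the call() helper are assumptions made for illustration.

```python
from html import escape
from io import BytesIO
from urllib.parse import parse_qs

ITEMS = {123: "first record", 124: "second record"}  # constructed sample data

# Edit is a safe GET link; delete is a form with a submit input, no JavaScript.
ROW = (
    '<tr><td>{name}</td>'
    '<td><a href="/item_edit?id={id}">edit</a></td>'
    '<td><form method="post" action="/item_delete">'
    '<input type="hidden" name="id" value="{id}">'
    '<input type="submit" value="delete"></form></td></tr>'
)

def render_grid(items):
    rows = "".join(ROW.format(id=i, name=escape(n)) for i, n in sorted(items.items()))
    return "<table>" + rows + "</table>"

def app(environ, start_response):
    path, method = environ["PATH_INFO"], environ["REQUEST_METHOD"]
    if path == "/item_delete":
        if method != "POST":  # a typed-in or prefetched URL is a GET: refuse it
            start_response("405 Method Not Allowed", [("Allow", "POST")])
            return [b"use the form\n"]
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(size).decode())
        try:
            ITEMS.pop(int(form["id"][0]))
        except (KeyError, ValueError):  # missing, non-numeric or unknown id
            start_response("404 Not Found", [])
            return [b"no such item\n"]
        start_response("303 See Other", [("Location", "/")])
        return [b""]
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [render_grid(ITEMS).encode()]

def call(method, url, body=b""):
    """Hypothetical helper: drive the app without a server; returns (status, body)."""
    path, _, query = url.partition("?")
    seen = {}
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "QUERY_STRING": query,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": BytesIO(body)}
    chunks = app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"], b"".join(chunks).decode()
```

The method check only keeps links, crawlers and typed URLs from triggering the delete; the example leaves out the authorization check and CSRF token a real delete handler also needs.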


