PHP framework - PHP POST form submission requires a token. Do I need a token when deleting through URL parameters in GET mode?

Source: Internet
Author: User
PHP POST form submission requires a token.

Do I need a token when deleting through URL parameters in GET mode?

Example: www.aaa.com/delpost.php?id=2

This deletes the record whose id is 2 in the background.

If a malicious user sends this link to the administrator and the administrator is logged in, will the administrator accidentally delete this article? So is a token needed?

www.aaa.com/delpost.php?id=2&token=

Reply content:

My personal suggestion is that the token generation method is determined by the program, and there are achievements and gains.
Determine the transmission mode based on POST and GET.
In addition, add verification to the generated token to check whether the passed token is consistent with the current IP address or user, so as to avoid unnecessary deletion or modification.
For deletion, I usually use AJAX for submission, and POST for the AJAX submission.

You can search for the RESTful software style. There is a problem with using GET for such delete operations. The main function of GET is to obtain data.

In the past, the POST method was basically used for deletion. You should change the method to POST for deletion, or you can put the token into the header for transmission and verification.

-------- About RESTful --------------
After RESTful is introduced, the commands become:
GET (SELECT): extracts resources from the server (one or more).
POST (CREATE): creates a resource on the server.
PUT (UPDATE): updates resources on the server (the client provides the complete resources after the change).
UPDATE: updates resources on the server (the client provides the changed attributes).
DELETE: deletes resources from the server.
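
The replies' advice combined into one handler, as an added example that is not from the original thread: delpost.php accepts only POST and checks a token bound to the logged-in user's session. The session keys, the X-CSRF-Token header name, and the posts table in a SQLite file are assumptions made for the example.

```php
<?php
// Added example (not from the original thread). delpost.php deletes only on
// POST with a valid CSRF token bound to the logged-in user's session.
session_start();

// Hypothetical session keys; the login code is assumed to set user_id.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_key'])) {
        $_SESSION['csrf_key'] = random_bytes(32); // per-session secret
    }
    // Bind the token to the current user so it is useless in another session.
    return hash_hmac('sha256', 'delpost|' . $_SESSION['user_id'], $_SESSION['csrf_key']);
}

function csrf_valid($sent): bool
{
    // hash_equals compares in constant time; reject arrays and missing values.
    return is_string($sent) && hash_equals(csrf_token(), $sent);
}

if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    exit('login required');
}

// GET stays read-only: a link opened by the administrator cannot delete.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Allow: POST');
    http_response_code(405);
    exit('use POST');
}

// Accept the token from the form body or from a header set by AJAX code.
$sent = $_POST['token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
if (!csrf_valid($sent)) {
    http_response_code(403);
    exit('invalid token');
}

$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('bad id');
}

// Assumed PDO connection and table name.
$pdo = new PDO('sqlite:' . __DIR__ . '/blog.db');
$pdo->prepare('DELETE FROM posts WHERE id = ?')->execute([$id]);
echo 'deleted';
```

The page that renders the delete button calls csrf_token() and places the value in a hidden token field or, for AJAX, in the X-CSRF-Token request header.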
