The mysql-PHP user management system deletes a user by passing an ID through GET. If someone else modifies the ID without mistake, how can this problem be prevented ??

The PHP user management system deletes a user by passing the ID through GET. in case someone else modifies the ID without mistake, how can this problem be prevented ?? Is there any other solution besides POST ?? The PHP user management system deletes a user by passing the ID through GET. in case someone else modifies the ID without mistake, how can this problem be prevented ?? Is there any other solution besides POST ??

Reply content:

The PHP user management system deletes a user by passing the ID through GET. in case someone else modifies the ID without mistake, how can this problem be prevented ?? Is there any other solution besides POST ??

I really want to modify it. You don't need to POST it. It's okay to simulate a POST operation! The key lies in permissions. verify whether the current account has the delete permission before deletion.
If you are still worried about the problem of accidental deletion, you can only add the recycle bin function to the table.trashField. DeletetrashIstrueIs not displayed on the page. The Administrator will delete the items that can be deleted from the database after review.

Before deleting a user, determine whether the Administrator has the permission to delete the user corresponding to this ID.

Make a judgment before deletion. The delete operation can also be a logical delete operation, and the logical delete operation is reversible.

Add a token for verification.

The above is true. First, check whether the deletion permission is granted before the deletion. Then the post will carry a token to prevent csrf attacks.

1. Do not delete from the database, but set a field to prevent it from being displayed.
2. Use the tokenStirng + tid + time encryption method.