Matthew McKay wrote:
> On Mon, Jun 1, 2009 at 2:43 PM, James Ausmus
> <>wrote:
>> On Mon, Jun 1, 2009 at 12:32 PM, Matthew McKay <> wrote:
>>> It would be much simpler and cleaner to use Javascript to modify the
>> form's
>>> action attribute onClick.
>> Not really. What about clients who don't have Javascript installed?
>> What about users who want to either do something nefarious or just to
>> see what happens,  - exposing your "Delete my record"-specific PHP
>> code could potentially cause security holes. The less of your internal
>> interface/structure you expose to the end user, the less easy it is
>> for the casual script kiddies to find the security holes that you have
>> (and yes, everyone has them... ;)  )
>> -James
> How is passing parameters to a 'delete' action different than passing
> 'delete' as a parameter to a general purpose action?
> You do have a point with not all clients having Javascript. It would be a
> business decision on the part of Shawn if he wants to support the fraction
> of users running browsers without support for the most basic of extensions.

I'm not the OP, just a commenter.  It would be Angus's decision. :-)


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to