PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Last point ... and it's not really here or there, but is ther any reason you are POSTing the id, and not just passing it as an argument on the submit URL?
Really? What 'rules' are these, and whats the logic there?
There doesn't seem to be much benefit with POSTing the value. It's still a user supplied variable, so has no more trust than a GET variable.
I'd be interested to know any other reasons, as I've always done it with GET variables and never thought much of it. Might have to have a re-think if there are other reasons.
It's not a matter of trust. It's simply a matter of choosing to have state altering decisions posted so the browser alerts the user if they attempt to do it again accidentally.
Sorry, last post on this ... not meaning to derail this thread.
I generally post back to the same page and do the processing in the code block at the top. On success, I generally make a header() call to go back to either an earlier page or the same page without the URL arguments.
From there, hitting back will skip the argumented URL entirely, and refresh will simply refresh the current view. By doing this, don't I bypass this issue anyhow?
Just out of interest, I also do a header redirect after form submits so that form submissions cant be backed into at all. I normally also couple that with form tokens to prevent form re-use if the user does happen to back over the submission and into the form itself.
It's a good point though, and definitely worth some thought.