24 Sep 2008, 8:47 p.m.
On Sep 24, 2008, at 7:49 AM, Nancy Wichmann wrote:
> Will I be tarred and feathered for going the $_GET route?

Not if you're careful with the input. ;) Also, you shouldn't be taking any action just from a GET request, or you're opening yourself to CSRF (Cross-site request forgery). To avoid this, you need a confirm form that uses POST to actually trigger the action.

Regards from the security team,
-Derek (dww)
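
The pattern described in the reply above, as an added example that is not part of the original message or any project's code: a GET request only renders a confirmation form, and the action runs only on POST. The script name `delete.php`, the `id` parameter, the `/items` URL and the `delete_item()` placeholder are assumptions, and the per-session form token goes beyond what the message states.

```php
<?php
// Added example (hypothetical delete.php). GET shows a confirm form with no
// side effects; only a POST carrying a valid token performs the action.
session_start();

function delete_item(int $id): void {
    // Placeholder (assumption) for the real state-changing action.
}

$is_post = $_SERVER['REQUEST_METHOD'] === 'POST';

// "Careful with the input": accept the id only if it is all digits.
$raw = $is_post ? ($_POST['id'] ?? '') : ($_GET['id'] ?? '');
if (!is_string($raw) || !ctype_digit($raw)) {
    http_response_code(400);
    exit('Bad id');
}
$id = (int) $raw;

if ($is_post) {
    // The token ties this POST to a form this session was actually served,
    // so a form auto-submitted from another site is rejected.
    $sent = $_POST['token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit('Invalid or missing form token');
    }
    unset($_SESSION['csrf_token']);    // single use
    delete_item($id);
    header('Location: /items', true, 303);
    exit;
}

// GET branch: nothing is changed here, only the confirm form is rendered.
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
$token = htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="delete.php">
  <p>Really delete item <?= $id ?>?</p>
  <input type="hidden" name="id" value="<?= $id ?>">
  <input type="hidden" name="token" value="<?= $token ?>">
  <button type="submit">Delete</button>
  <a href="/items">Cancel</a>
</form>
```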