[development] Handling optional parameters
drupal at dwwright.net
Wed Sep 24 18:47:50 UTC 2008
On Sep 24, 2008, at 7:49 AM, Nancy Wichmann wrote:
> Will I be tarred and feathered for going the $_GET route?
Not if you're careful with the input. ;)
Also, you shouldn't be taking any action just from a GET request, or
you're opening yourself to CSRF (Cross site request forgery). To
avoid this, you need a confirm form that uses POST to actually
trigger the action.
Regards from the security team,
More information about the development