[development] Handling optional parameters

Derek Wright drupal at dwwright.net
Wed Sep 24 18:47:50 UTC 2008


On Sep 24, 2008, at 7:49 AM, Nancy Wichmann wrote:

> Will I be tarred and feathered for going the $_GET route?

Not if you're careful with the input. ;)

Also, you shouldn't be taking any action just from a GET request, or
you're opening yourself to CSRF (cross-site request forgery). To
avoid this, you need a confirm form that uses POST to actually
trigger the action.

Regards from the security team,
-Derek (dww)
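
The confirm-form pattern described above, as an added example that is not part of the original message. It assumes the Drupal 6 menu and form APIs; the module name `example`, the path, the permission string and the `example_item_delete()` helper are hypothetical.

```php
<?php
// Added example (assumes Drupal 6). Module name "example", the path,
// the permission and example_item_delete() are hypothetical.

/**
 * Implementation of hook_menu().
 */
function example_menu() {
  $items['example/%/delete'] = array(
    'title' => 'Delete item',
    // A GET to this path only renders a form; it never deletes anything.
    'page callback' => 'drupal_get_form',
    'page arguments' => array('example_delete_confirm', 1),
    'access arguments' => array('administer example items'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Form builder for the confirmation page.
 */
function example_delete_confirm(&$form_state, $id) {
  // Be careful with the input: force the URL argument to an integer
  // before it is stored or displayed.
  $id = (int) $id;
  $form['id'] = array('#type' => 'value', '#value' => $id);
  return confirm_form(
    $form,
    t('Are you sure you want to delete item %id?', array('%id' => $id)),
    'example',                          // Where "Cancel" leads.
    t('This action cannot be undone.'),
    t('Delete'),
    t('Cancel')
  );
}

/**
 * Submit handler: the only place the action happens. It runs after a
 * POST of the form above; for logged-in users the form API also checks
 * the per-user form token it added when the form was built.
 */
function example_delete_confirm_submit($form, &$form_state) {
  example_item_delete($form_state['values']['id']);
  drupal_set_message(t('The item has been deleted.'));
  $form_state['redirect'] = 'example';
}
```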
