On your server side I'll create an encrypted string to prevent the user from editing
the URL. It looks like this:

http://mysite.com?delete=true&id=123&encriptedURL=WXObT4eqDq+8iij5MksGDdaq

The encriptedURL variable contains the string delete=true&id=123, but in
encrypted format.

After the user clicks, your application will convert the query params and compare
them with the encriptedURL content. If it's the same, OK. Otherwise display a message.
In ColdFusion I used this code to generate that encrypted variable:

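<!--- Query string to protect --->
<cfset yourURL = 'delete=true&id=123'>
<!--- Encrypt it with a server-side key; the Base64 result is sent as encriptedURL --->
<cfset yourURLEncripted = encrypt( yourURL, 'yourkey', 'CFMX_COMPAT', 'Base64' )>

Cheers
Marco Antonio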


On Fri, Jul 31, 2009 at 6:36 AM, Adrian Lynch <adely...@googlemail.com> wrote:

>
> I think you could do something like the following:
>
> <a href="whatever you want in here" class="id-123">Delete</a>
>
> <script type="text/javascript">
>        $("a").click(function() {
>                var id = $(this).attr("class").split("-")[1];
>                this.href = "/?delete=true&id=" + id;
>        });
> </script>
>
> But this isn't really the solution you want to go with.
>
> Firstly, if you're using links to delete things, what happens if a bot
> somehow gets into your site and starts clicking on all those links?
> I've heard of people having their admin areas indexed by Google and
> all sorts of hell breaking loose!
>
> Make this sort of action happen via a POST request, not a GET.
>
> If in your application deletions should only be done by certain
> people, check this in your code before deleting.
>
> Secondly, to solve the issue of a refresh happening and causing an
> error, relocate back to the page after you have deleted the item.
>
> You're right to be worried about this, I know that if I saw a URL
> with ?action=delete&id=101 in, I'd be tempted to give ?
> action=delete&id=102, ?action=delete&id=103, ?action=delete&id=104 a
> try too! ;O)
>
> On Jul 31, 12:49 am, Anoop kumar V <anoopkum...@gmail.com> wrote:
> > I have a menu, on which is a delete link. The URL of the link is quite
> > plain: http://mysite.com?delete=true&id=123
> > (quite obvious I think that the request is to delete the id=123)
> >
> > I wish to hide the destination URL in the browser from the user - so that it
> > shows a harmless url like: http://mysite.com?# or similar. The reasons are
> > more aesthetic than anything else. Also the other advantage is once the user
> > clicks on the link, and then hits on refresh, the request gets posted again
> > and because the id=123 has already been deleted, it will just generate an
> > error.. Does that make sense?
> >
> > I don't mind using ajax for this - but would love if I could get both options
> > - ajax and non-ajax.
> >
> > Thanks,
> > Anoop
>
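
The tamper check described at the top of this message (server issues a token over the query string, then recomputes and compares it on the request), as an added example that is not code from the thread. It swaps the `encrypt()` call for an HMAC-SHA256 tag, and goes beyond the message by binding the link to a user and an expiry; `SECRET_KEY`, `sign_query`, `verify_query`, `user_id`, `exp` and `sig` are all assumed names.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

# Assumption: a server-side secret that is never sent to the browser (constructed value).
SECRET_KEY = b"constructed-demo-key-change-me"


def _mac(params, user_id):
    # Sort the parameters so signing and verifying hash identical bytes.
    canonical = urlencode(sorted(params.items()))
    msg = f"{user_id}|{canonical}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def sign_query(params, user_id, ttl=300, now=None):
    """Return a query string carrying an expiry and a MAC bound to user_id."""
    now = time.time() if now is None else now
    signed = dict(params, exp=str(int(now) + ttl))
    signed["sig"] = _mac(signed, user_id)  # MAC covers every field except sig itself
    return urlencode(signed)


def verify_query(query, user_id, now=None):
    """Return the verified parameters, or None if the link was edited,
    has expired, or was issued to a different user."""
    now = time.time() if now is None else now
    pairs = parse_qsl(query, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):  # repeated keys (id=123&id=124) are ambiguous: reject
        return None
    sig = params.pop("sig", "")
    expected = _mac(params, user_id)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if int(params.get("exp", "0")) < now:
        return None
    return params


if __name__ == "__main__":
    link = sign_query({"delete": "true", "id": "123"}, user_id="alice")
    print("http://mysite.com/?" + link)
    print(verify_query(link, "alice"))                             # accepted
    print(verify_query(link.replace("id=123", "id=124"), "alice"))  # None: edited
```

A valid tag only shows that the server issued this exact link to this user; the permission check and the POST-instead-of-GET advice in the quoted reply still apply.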
