Bhaarat Sharma wrote:
so what would be a way to avoid that?
use this instead?
<s:url action="crud" method="delete" id="url">
<s:param name="employee.employeeId" value="employeeId"/>
</s:url>
I don't see any difference there.
I'm not sure what the original response had in mind; the same thing
could happen with a POST form.
Normally one would check for delete access rights on the server side
before allowing deletions.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
