homepage Welcome to WebmasterWorld Guest from 54.196.62.23
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Deleting database entries
whatson

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4482716 posted 10:53 pm on Aug 7, 2012 (gmt 0)

I just heard that if you have a facility to delete fields from a database that this should not be done with a hyperlink, you should use a form to submit this.
The reasons being the search engines may crawl them.

Can anyone else share any light on this? What is the proper way to do this?

 

swa66

WebmasterWorld Senior Member swa66 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4482716 posted 1:50 pm on Aug 8, 2012 (gmt 0)

If a crawler can it follow the link it means anybody else could too.

Don't you need authentication ?

whatson

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4482716 posted 9:55 pm on Aug 8, 2012 (gmt 0)

oh ok, is that the other option? Use authentication? How do I do that?

mvaz

5+ Year Member



 
Msg#: 4482716 posted 3:41 pm on Aug 9, 2012 (gmt 0)

Only authorised users should be given the privelege to delete database data (either entries or entire tables) and as such, they should have appropriate authentication for doing this task, this is my opinion - other experienced members here may have other more compelling methods to achieve this.

whatson

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4482716 posted 8:12 pm on Aug 9, 2012 (gmt 0)

Ok, but what method should you use for deleting pages, are hyperlinks ok or should it be form submission?

topr8

WebmasterWorld Senior Member topr8 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4482716 posted 8:45 pm on Aug 9, 2012 (gmt 0)

i don't think it makes any difference, i use both in my admin area.

the important thing is ensuring only the right people have access - generally speaking you should also log which login made significant changes like deletions.

swa66

WebmasterWorld Senior Member swa66 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4482716 posted 9:01 pm on Aug 9, 2012 (gmt 0)

The principle is usually known as AAA:
Authentication, Authorization and Accounting

- Authentication comes first: you essentially identify and make sure the identification is correct (e.g. by using a login and password) or stronger methods as needed.
You can implement this in a web server (e.g. digest auth in apache) or using php and tracking it all via sessions and the like.

- Authorization: you list who can do what, and verify against that list. It's not cause you know the visitor is me that you want me to allow to do anything.

- Accounting: You track who did what, when. Bonus: Why?

omoutop

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4482716 posted 5:54 am on Aug 10, 2012 (gmt 0)

Another approach - do not delete anything. Just use a flag to show/hide content. OR move deleted content to backup tables/databse

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved