mufar wrote:Ok, first off, a method like this for "deleting accounts" would be a strictly admin function. Therefore in a secured part of a site.
Would the security risk still be present, even if it required an admin (or trusted personnel) to access?
Though the $POST method would have some nice uses and open up a lot of possibilities to the user (if it was somewhat safe).
Is there any way of indirectly putting user submitted data (via $POST) into a query? Sorry for all the questions, but you guys certainly know what you are talking about, and are quite a help to a beginner like myself
The only system that might work without security is a system that only the programmer himself/herself handles (and very carefully), and that in addition is not accessible from the outside. So yes, the risk will still be present. This is what the articles I linked before are about.