christillis wrote:I would like to add another HTML column which simply has a link to the effect of "delete this record".
You can add the record id to the query string of the link URL, e.g.,
echo '<a href="records.php?delete=1&id=' . $row['id'] . '">Delete</a>';
where $row is the array that holds the current row in the result set retrieved from the database. However, before you do this...
christillis wrote:Also, can I $POST this to itself to save created another PHP file?
If you are using a link, you would use the query string, and this means accessing the incoming variables using the $GET superglobal array. Ideally, the form submission method should be chosen with this in mind:
W3C wrote:The "get" method should be used when the form is idempotent (i.e., causes no side-effects). Many database searches have no visible side-effects and make ideal applications for the "get" method.
If the service associated with the processing of a form causes side effects (for example, if the form modifies a database or subscription to a service), the "post" method should be used.
Consequently, it would be better to use a form with the "post" method and access the $_POST superglobal array, upon which the answer to your question is "yes".
Also, there have been cases where a bot somehow managed to get onto a page with delete links, and due to insufficient permission checking, managed to delete all the records as it trawled through all the links. Admittedly, the real problem was the insufficient permission checking, but if a form that provided delete checkboxes had been used, the disaster would not have happened (on the other hand, a malicious human user, or a bot that went around checking checkboxes and submitting forms, could have done the same).
