Re: CGI and Database

According to RFC 2616: "In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested."

It may not seem important to you now, but you should consider ways of making your delete operations POST operations instead of GET operations - because a delete operation affects the underlying state of the system.

One way is to output HTML that starts a form:

  <form action="" method="post">
    <p>Delete <!-- TMPL_VAR NAME=record_name -->
      <input
        type="checkbox"
        name="delete_record"
        value="<!-- TMPL_VAR NAME=record_name -->"
      />
    </p>
    <p><input type="submit" name="submit" value="submit" /></p>
  </form>
[download]

This example used HTML::Template as the templating technique (but there are many different ways to output the HTML).

Update: changed reference paragraph from RFC 2616.

Comment on Re: CGI and Database Download Code

Replies are listed 'Best First'.
Re^2: CGI and Database by dsheroh (Monsignor) on Feb 09, 2009 at 12:43 UTC
It may not seem important to you now... ...but it will as soon as google (or whatever other bot) finds the site, spiders all the links, and deletes your entire database.	[reply]


Your skill will accomplish what the force of many cannot
	PerlMonks