When implementing a delete form, if you use POST, rails, etc. with html, I think that it will be implemented with the DELETE method, but
For example, when deleting a user and implementing "action ="/delete /: user_id "", if the user_id part is rewritten with a developer tool, the rewritten user will be deleted, right?
How can I avoid this?
Addition:
For example, if you have a list of users and click the "Delete" button, a js confirmation dialog will appear. If i click OK, I want to execute the deletion process.
| User name | Edit | Delete |
|---|---|---|
| A-san | Edit | Delete |
| B-san | Edit | Delete |
| C-san | Edit | Delete |
-
Answer # 1
-
Answer # 2
If you rewrite it, the rewritten user will be deleted?
This is possible if you simply delete the specified ID.
How can I avoid this?
Check with registered email and enter password. Isn't it possible to delete only the account related to login?
It's a little unclear, but I can't give an accurate answer.
Addition:
For example, if you have a list of users and click the "Delete" button, a js confirmation dialog will appear, and if you press OK, you want to execute the deletion process.You should stop it.
If it is absolutely necessary, pressing the delete button will bring up the password input screen and if it matches, it will be a procedure called "delete".
Related articles
- html - about focus when coding radio buttons and checkboxes
- html - about margin that is automatically created (beginner)
- html - about chrome verification tool
- about html bem
- html - about ui changes due to screen reduction
- html - about css "" and "#"
- access - about delete queries
- html - about the difference in markup
- html - about creating a pull-down menu
- html - about the position of the text
- html - i'm not sure about attributes and values in bootstrap
- [html] about specifying height in responsive design
- html - i'm not sure about the concept and usage of response
- html - about type attribute
- html - about the behavior of ie and chrome when the file name is changed after selecting the file with
- html - about specifying items without name and id attributes in vba
- html - about input to text box in vba
- html - about ie operation with vba
- html - about character input in ie with vba
- [html,css] about sorting of contents
- html - i want to paste the correct link with rails6 auto_link
- [javascript] i want to switch the display/non-display of the input form
- html is not displayed
- html - i want to display the name of the user who clicked the like next to the like function in the post list! !!
- html - accordion panel doesn't work well [ruby on rails]
- html - the display of the css body part is displayed over the header part! (i can't see through)
- html - i want to move to the daily page of the calendar
- html - i want to go to each user's detail page
- html - i want to go to the details page for each protocol when i am not logged in
- javascript - [js] i want to be able to scroll down on the other side after sending in chat
Yes.
If you have the right to delete, regulating it doesn't make much sense, as it iswhat you can do. If you don't want a specific person to delete a specific issue, you need to build such logic on theserver side.