GET
is the default form action. If you want POST
you must specify it:
<form action="admin.php" method="post">
Вопрос
On a PHP page, I have this button with hidden fields on my page:
<form action="admin.php">
<input name="action" value="delete" type="hidden">
<input name="id" value="13" type="hidden">
<input value="Delete user" type="submit">
</form>
On the page admin.php I have this:
switch ($_POST['action'])
{
case 'delete' :
if ($_SESSION['role'] == 2)
{
if ($user->deleteUser($_POST['id']))
{
$_SESSION['alert'] = "User deleted.";
$_SESSION['alert_type'] = "success";
} else
{
$_SESSION['alert'] = "Something went wrong while deleting the user.";
$_SESSION['alert_type'] = "error";
}
} else
{
$_SESSION['alert'] = "You are not allowed to delete a user. You need to be an admin.";
$_SESSION['alert_type'] = "error";
}
$data = $user->getProfiles();
require 'Views/Admin.view.php';
// etc
As expected, admin.php loads a list of users, with a delete button next to each one. When I press a delete button, the user is deleted, however the browser shows the parameters of the hidden field in the address bar, as if it was a GET request.
What is going on?
Решение
GET
is the default form action. If you want POST
you must specify it:
<form action="admin.php" method="post">