I don’t remember where I read this: Passing data via the form action attribute is safer than passing it via a href attribute. Safer in terms of validating the segment because it’s $_POST and you can compare tokens for csrf protection when a form is submitted unlike a direct link. Is this true?
If suppose I have the following action in a form,
<form method="post" action="/edit/pictures/delete/2235/">
Can I get the URI segment 2235 via $_POST?
Edit: Please assume that there is a URL rewrite. 2235 is a variable value. I’m not asking how to retrieve 2235, just if I can retrieve it via $_POST
When you POST a form to a php endpoint, $_POST only gets populated with data from the input elements. The request path is available in
$_SERVER['REQUEST_URI']. To get the id id out of the request path, you’ll probably want to use a regular expression like this:Regarding your question about safety — the answer is POST is absolutely no safer than GET. They are different HTTP verbs, and carry data in a slightly different way, but either way the data your app receives cannot be trusted. It’s just as easy to spoof a POST request (like a form) as it is to spoof a GET request (like an anchor link).