How do I make $_GET more secure?

醉话见心 2021-01-20 23:28

I am using the GET method to perform some operations like approve, markasspam, delete, for a commenting system. I know it is highly insecure to go this way but I cannot help it ou

3 answers
  •  清歌不尽
    2021-01-21 00:12

    You shouldn't use GET for any operations that change data on the server. NEVER. You use it only to get data.

    If you can't use forms for operation buttons (because there is another form outside them) you should consider this design:

    • You use AJAX to perform POST requests to your server
    • In JavaScript-disabled environments you use GET links like user.php?action=delete, which show you a very simple form on a separate page. The header in the form asks: "Are you sure you want to delete user X?" and it has two buttons: 1) "Yes" - that submits a POST request to the operation script, 2) "No" - which sends the user back to the page where he has been
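
The design from the answer above as one PHP script, added here as an example and not part of the original answer: GET only renders the confirmation form, POST performs the delete. The file names, the `id` and `csrf` fields, `delete_comment()` and the anti-CSRF token check are assumptions that go beyond what the answer describes.

```php
<?php
// comment_delete.php: added example. The file names, the "id"/"csrf" fields
// and delete_comment() are hypothetical, not from the original thread.
session_start();

// Hypothetical stand-in for the real data-layer call (e.g. a prepared DELETE).
function delete_comment(int $id): void {}

// Per-session anti-CSRF token; an assumption that goes beyond the answer.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The state change happens only on POST, after the token is verified.
    // The check that the logged-in user may moderate comments also belongs here.
    $id    = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    $token = $_POST['csrf'] ?? '';
    if (!is_int($id) || !is_string($token) || !hash_equals($_SESSION['csrf'], $token)) {
        http_response_code(400);
        exit('Bad request');
    }
    delete_comment($id);
    header('Location: comments.php', true, 303); // a reload will not re-submit
    exit;
}

// Any other method only renders the confirmation form; nothing is changed.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if (!is_int($id)) {
    http_response_code(400);
    exit('Bad request');
}
?>
<form method="post" action="comment_delete.php">
  <h1>Are you sure you want to delete comment <?= $id ?>?</h1>
  <input type="hidden" name="id" value="<?= $id ?>">
  <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES) ?>">
  <button type="submit">Yes</button>
  <a href="comments.php">No</a>
</form>
```

A link such as `comment_delete.php?id=42` followed by a crawler or prefetcher then shows only the form; the delete needs a POST carrying the session's token.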
