1

delete options in each row

I have delete options for each row like this. I successfully deleted the data using GET method but How to delete in POST/DELETE method using the same layout? Is GET method the safe way to delete?

Raaz
  • 1,669
  • 2
  • 24
  • 48
  • you need to use a form to do so.. – xurshid29 Feb 13 '15 at 06:59
  • but html forms can use only GET/POST methods (not others).. – xurshid29 Feb 13 '15 at 07:09
  • @xurshid29 can you help me with the logic? so the user clicks the delete btn(i dont want to use the get method) then i should redirect him to a page for confirmations where the forms lives? In yii2 , delete usually takes place in post method. – Raaz Feb 13 '15 at 07:41
  • See this answer: http://stackoverflow.com/a/11810013/2335537 GET is just as safe as using POST in this case. – Daniel Mensing Feb 13 '15 at 08:00
  • 1
    @RajShakya may be this [post](https://www.digitalocean.com/community/tutorials/how-to-use-symfony2-to-perform-crud-operations-on-a-vps-part-2) can help.. Also looks like there is a [bundle](https://github.com/SymfonyContrib/ConfirmBundle) for this.. – xurshid29 Feb 13 '15 at 08:20

2 Answers2

3

To use the DELETE method the best way is to use a form with a POST method and then fake the DELETE using a _method field. The form can then set the CSS of the form to be display: inline; or display: inline-block;.

Your "delete button"

<form action="{{ path('your_path') }}" method="POST" class="delete-button-form>
    <input name="_method" value="DELETE" type="hidden">
    <button type="submit" class="btn btn-danger">Delete</button>
</form>

Your css

form.delete-button-form {
    display: inline-block;
}

You can see a fiddle of this layout here

You will also need to set the config to use the http method override which the docs cover better than I could. Taken from here

The _method functionality shown here is disabled by default in Symfony 2.2 and 
enabled by default in Symfony 2.3. To control it in Symfony 2.2, you must call 
Request::enableHttpMethodParameterOverride before you handle the request (e.g. 
in your front controller). In Symfony 2.3, use the http_method_override option.
qooplmao
  • 17,622
  • 2
  • 44
  • 69
1

Is GET method the safe way to delete?

I don't think is safer to use GET, POST, or DELETE. Whatever method you use, you still have to add rules in the firewall or in the controller to ensure that an user has the right to delete something.

You can declare a specific route for deleting an instance of your entity, without using any form:

/**
 * @Route(
 *      "/something/{id}/delete",
 *      name="something_delete"
 * )
 */
public function somethingRemoveAction($id)
{
    $something = $this->getDoctrine()
        ->getRepository('ACMEBundle:Something')
        ->find($id);

    $em = $this->getDoctrine()->getManager();
    $em->remove($something);
    $em->flush();

    // Suggestion: add a message in the flashbag

    // Redirect to the table page
    return $this->redirect($this->generateUrl('something_list'));
}

Then create a button for each row of the table:

<a href="{{ path('something_delete', {'id': something.id}) }}">
    <button type="button">Delete</button></a>
A.L
  • 10,259
  • 10
  • 67
  • 98