What's the secure way to delete something?
#1

[eluser]yabune[/eluser]
What's the best way to delete something from database?

I was using a function in controller, so I would delete an item with an url like this: www.somesite.com/items/delete/3

But this isn't the secure way, is it?
If I type the delete URL directly, I could accidentally delete something that isn't supposed to be deleted.

Should I use a form submission and check the id to delete by post method? And if I already have a form submission for updates? Can I have a secondary form submission for deletion?

Thank you!
#2

[eluser]WanWizard[/eluser]
The standard rule is to use GETs for read (in CI that would be URI segments), POSTs for update.

I personally think there is nothing against doing updates based on URI segments, as long as you do proper validation of the request, to make sure the user is entitled to perform the action. If so, I don't care very much if the user arrived at the URI by navigation or by typing it in.

If you're worried about accidents, the URI could present a form in which the requested action must be confirmed, and use the post of that form to perform the action.
#3

[eluser]n0xie[/eluser]
Any destructive action via URL is bound to be a potential XSRF nightmare. You are right to assume that this is not the way to go. Use an 'are you sure' form with a nonce to make sure the action is not triggered by accident or by forgery.
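The pattern the two replies describe, as an added example that is not part of the thread or CodeIgniter itself: GET only renders the confirmation form, POST performs the delete, and the POST is accepted only with a one-time nonce stored in the user's session. Plain PHP 7+ is assumed; `user_may_delete()` and `delete_item()` are hypothetical application hooks.

```php
<?php
// Constructed example: confirm-then-delete with a per-session, per-item, one-time nonce.
session_start();

// Hypothetical hooks standing in for the app's authorization check and model.
function user_may_delete(int $id): bool { return isset($_SESSION['user_id']); }
function delete_item(int $id): void { /* e.g. $db->delete('items', ['id' => $id]); */ }

function issue_delete_nonce(int $id): string {
    $nonce = bin2hex(random_bytes(16));        // 128 bits of CSPRNG output, unguessable
    $_SESSION['delete_nonce'][$id] = $nonce;   // bound to this session and this item
    return $nonce;
}

function consume_delete_nonce(int $id, string $submitted): bool {
    $expected = $_SESSION['delete_nonce'][$id] ?? null;
    unset($_SESSION['delete_nonce'][$id]);     // one-time use: cleared even on failure
    return $expected !== null && hash_equals($expected, $submitted);
}

$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT)
   ?: filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if (!$id || !user_may_delete($id)) {           // validate the request before anything else
    http_response_code(403);
    exit('Not allowed');
}

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // Typing or following the URL only shows the "are you sure" form; nothing is deleted.
    $nonce = htmlspecialchars(issue_delete_nonce($id), ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="/items/delete">'
       . '<input type="hidden" name="id" value="' . $id . '">'
       . '<input type="hidden" name="nonce" value="' . $nonce . '">'
       . '<p>Delete item ' . $id . '?</p><button type="submit">Yes, delete</button></form>';
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A cross-site forged POST cannot know the nonce held in this session, so it fails here;
    // a stale or replayed form fails too, because the nonce was consumed on first use.
    if (!consume_delete_nonce($id, (string)($_POST['nonce'] ?? ''))) {
        http_response_code(400);
        exit('Invalid or expired confirmation token');
    }
    delete_item($id);
    header('Location: /items');
    exit;
}
http_response_code(405);
```

The same nonce check can be reused for the existing update form; a separate nonce per action and per item keeps a token issued for "update 3" from authorizing "delete 3".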
