Is it true that it is unsafe to have links perform actions?!
In the Sitepoint book on PHP and MySQL I'm reading now, there is a warning about something I never thought of before.
The author says never to use links to perform actions - just use them for their intended purpose, which is to go to related content.
For example, he says you should never have "delete this" links on a page. Instead you should use form submissions for such actions.
The reason, the author says, is because some modern browsers will automatically follow hyperlinks present on a page in the background so the target pages will be ready for immediate display if clicked. Thus you may end up having some of your coded actions occurring even if the user never actually clicks on them!
I never thought of this before, and I'm sure I have lots of code where, instead of a form submission, I decided for convenience to use a URL with query parameters instead, like ..../delete?id=2323. Or links to toggles certain settings.
I wonder how prevalent this problem really is.
Since I read this we've been debating this at my company where all the developers have had links like this for years. Our software doesn't use PHP, but the same principle would hold if true.
The other developers are incredulous about the claim basically saying, "we would have had bug reports for years now if that was really true."
Is it true? Does anybody know of a browser that really does that? And wouldn't such a browser generally overwhelm servers with all the excess get requests that are never used?
I feel like I would have noticed such a problem before while testing because I have links that do things like "toggle a setting," etc.