Another potential problem you may need to guard against is that using GET to delete things can have unforeseen side effects.
A bot could index your site and accidentally delete everything.
Even when logged in, a mischievous user could delete items in their own account, or the accounts of others, by just creating a load of sequentially numbered HTML links.
GET should be used to do just that: get things.
There are ways to defend against this, including:
- Not actually deleting anything, just setting a flag in your table in a column named display (0 / 1) **
- Making sure each MySQL user only has delete privileges for their own tables
- Limit the number of deletes per minute, say
- Use the POST method for deletes, inserts, updates etc
Just something to bear in mind, 'tis all, and much depends on your situation.
** that might mean you can offer an undo option, or look upon old data as an "archive".
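One way to put the points above into code, as an added example that is not part of the original post: a small handler that refuses GET for deletion, scopes the delete to the caller's own rows, soft-deletes by setting a `display` flag (so an undo is possible), and caps deletes per user per minute. It uses Python's built-in `sqlite3` on an in-memory table; the table name `items`, the columns `owner`/`body`/`display`, the sample rows and the limit of 5 per minute are all assumptions for illustration.

```python
# Added example, not from the original post. Models a per-user "items" table with a
# display (0/1) soft-delete flag and a delete handler that applies the defences discussed.
import sqlite3
import time
from collections import deque

MAX_DELETES_PER_MINUTE = 5  # assumed limit for illustration


def make_db():
    """Create an in-memory table with a display flag and constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE items (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, "
        "body TEXT NOT NULL, display INTEGER NOT NULL DEFAULT 1)"
    )
    conn.executemany(
        "INSERT INTO items (id, owner, body) VALUES (?, ?, ?)",
        [(1, "alice", "first"), (2, "alice", "second"), (3, "bob", "bobs")],
    )
    conn.commit()
    return conn


class DeleteHandler:
    def __init__(self, conn, clock=time.monotonic):
        self.conn = conn
        self.clock = clock          # injectable so the rate limit can be tested deterministically
        self.recent = {}            # user -> deque of recent delete-attempt timestamps

    def _rate_limited(self, user):
        """Sliding one-minute window; counts attempts, not only successful deletes."""
        now = self.clock()
        window = self.recent.setdefault(user, deque())
        while window and now - window[0] >= 60:
            window.popleft()
        if len(window) >= MAX_DELETES_PER_MINUTE:
            return True
        window.append(now)
        return False

    def handle(self, method, user, item_id):
        """Return (status, message). GET never changes state; only POST may delete."""
        if method != "POST":
            return 405, "use POST for state-changing requests"
        if user is None:
            return 401, "login required"
        if self._rate_limited(user):
            return 429, "too many deletes"
        # The WHERE clause binds the row to the caller, so a guessed id belonging to
        # another user updates nothing. The row is hidden, not removed.
        cur = self.conn.execute(
            "UPDATE items SET display = 0 WHERE id = ? AND owner = ? AND display = 1",
            (item_id, user),
        )
        self.conn.commit()
        if cur.rowcount == 0:
            return 404, "no such item"
        return 200, "hidden"

    def undo(self, user, item_id):
        """Restore a soft-deleted row; only the owner can do this. Returns True on success."""
        cur = self.conn.execute(
            "UPDATE items SET display = 1 WHERE id = ? AND owner = ? AND display = 0",
            (item_id, user),
        )
        self.conn.commit()
        return cur.rowcount == 1


def visible_ids(conn, user):
    """Ids the user would see in a listing: only rows with display = 1."""
    rows = conn.execute(
        "SELECT id FROM items WHERE owner = ? AND display = 1 ORDER BY id", (user,)
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    handler = DeleteHandler(db)
    print(handler.handle("GET", "alice", 1))    # a crawler following a link gets 405
    print(handler.handle("POST", "alice", 3))   # bob's row: 404, nothing changes
    print(handler.handle("POST", "alice", 1))   # alice's own row: hidden
    print(visible_ids(db, "alice"), handler.undo("alice", 1), visible_ids(db, "alice"))
```

Because the row is only flagged, the "archive" stays in the table and `undo` is a one-line update; a real site would also tie the POST to a per-session token so another page cannot submit the form on the user's behalf.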