I'm working with ASP.NET Core and I'm wondering about the best way to handle IDs for actions like deleting a row from the database. For example, when a user clicks the delete button, it navigates them to a details page where they can review the row's information. In this case, the URL might include a query string like id=12. Is it better to simply use Request.Query["id"] to get that value and pass it to a stored procedure for deletion, or should I consider using a cookie to hold that ID instead? I'm aware that you can't store a value from an OnGet method and use it in OnPost due to the state changes, so what do you suggest?
1 Answer
For actions like delete, it's probably not worth the complexity of using cookies. Since it’s a one-time action, using the ID directly from the query string makes more sense. You could simply pull it when the delete request is sent. That way, you minimize risk - especially for something as critical as deleting data!
My manager wants users to navigate to the details page to review an employee's info before they delete. That's why I'm considering options, but I see your point!