Creation of Database Delete Server Action - id Parameter Defaults to $_GET not $_POST

If you create a “Database Delete” server action and add an id column to delete, Wappler defaults to this taking the value of $_POST.id.

I would expect you are much more likely to delete a table row with a GET method, so this request is that the default value offered is $_GET.id

That’s not the case actually.
Using a GET variable means you are calling your server action with url parameters, which means your users can run it directly like:

http://www.yoursite.com/dmxConnect/api/delete_action.php?deleteid=123

in their browser. And if it happens that you have not secured it well they can delete any record just like that.

When using a POST variable, the data is submitted by a form and you cannot just run the url with a parameter added there, the server action can only be run on form submit.

That’s why the default value points to a POST variable, but I see no issue with that … if you want to use GET variables, just pick them in the data picker.

Thanks for the feedback @Teodor.

Yes, security is very important… I see what you are saying.

All my deletion server actions have security protects… so would you say that they are completely safe from outside interference as you described in your post?

Well, that is why it is just a default. You can easily replace it with $_GET in the dialog.

That is true… but it takes someone who is still climbing towards the summit of their learning curve a short while to work out why their server action isn’t working.

Just part of the process I guess! :slight_smile:

Yes, they are.

So with security protect in place, is GET method as safe as a POST method?

Yes that’s right
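
The two points made in this thread, as an added example that is not part of any post above and is not Wappler-generated code: a plain PHP/PDO delete handler that takes the id only from a POST and enforces the login and ownership check on the server. The `items` table, its `owner_id` column and the `handle_delete` function are hypothetical names, and the rows are constructed sample data.

```php
<?php
// Added example: hypothetical handler, not Wappler's own code.
declare(strict_types=1);

/**
 * Delete one row and return the HTTP status code the endpoint would send.
 * $params holds the submitted parameters, $userId the logged-in user (null if none).
 */
function handle_delete(PDO $db, string $method, array $params, ?int $userId): int
{
    if ($method !== 'POST') {
        return 405; // an id pasted into a URL query string is never honoured
    }
    if ($userId === null) {
        return 401; // no authenticated session: refuse before touching the database
    }
    $id = filter_var($params['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 400; // missing or non-integer id
    }
    // Ownership is part of the WHERE clause, so a logged-in user
    // cannot delete a row that belongs to someone else.
    $stmt = $db->prepare('DELETE FROM items WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $userId]);
    return $stmt->rowCount() === 1 ? 200 : 404;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL)');
$db->exec('INSERT INTO items (id, owner_id) VALUES (123, 1), (124, 2)');

$cases = [
    ['GET',  ['id' => '123'], 1],    // id supplied the way a pasted URL would supply it
    ['POST', ['id' => '123'], null], // form submit without a login
    ['POST', ['id' => 'abc'], 1],    // malformed id
    ['POST', ['id' => '124'], 1],    // row owned by another user
    ['POST', ['id' => '123'], 1],    // the user's own row
];
foreach ($cases as [$method, $params, $user]) {
    $status = handle_delete($db, $method, $params, $user);
    printf("%-4s id=%s user=%s -> %d\n", $method, $params['id'], $user ?? 'none', $status);
}
```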