On Fri, November 17, 2006 5:54 pm, John wrote:
> a) a form was submitted
> b) a processing flag was previously set to process
> c) the form/data being submitted/processed is from the correct page -
> which was where the referring url came in.

When you send out the FORM, include a
<INPUT TYPE="HIDDEN" NAME="token" VALUE="[random value here]" />

Store that random token in your $_SESSION or database or have the squirrels [*] remember it for you.

Then, when they POST, check that they are presenting an existing token from your $_SESSION, database, or squirrels' nut-store.

Not, like, squirrel mail or anything, but actual squirrels. You know, like rats with bushy tails. :-)

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
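
The token check described in the message above, as an added example that is not part of the original post. It assumes PHP 8; the function names, the per-form `form_tokens` key and the 15-minute lifetime are illustrative choices, and plain arrays stand in for `$_SESSION` and `$_POST` so it runs from the command line.

```php
<?php
declare(strict_types=1);

const TOKEN_TTL = 900; // assumed lifetime in seconds, not from the post

// Create a random token for one form and remember it in the session store.
function issue_token(array &$session, string $form): string
{
    $token = bin2hex(random_bytes(32)); // CSPRNG, 64 hex characters
    $session['form_tokens'][$form] = ['value' => $token, 'issued' => time()];
    return $token;
}

// Accept a POST only if it presents the token stored for that form.
function check_token(array &$session, string $form, mixed $submitted): bool
{
    $stored = $session['form_tokens'][$form] ?? null;
    unset($session['form_tokens'][$form]); // single use, even when the check fails
    if ($stored === null || !is_string($submitted)) {
        return false; // nothing was issued, or the field arrived as token[]=x
    }
    if (time() - $stored['issued'] > TOKEN_TTL) {
        return false; // form was served too long ago
    }
    return hash_equals($stored['value'], $submitted); // constant-time compare
}

// Render the hidden field from the message, escaping the value for HTML.
function hidden_field(string $token): string
{
    return '<input type="hidden" name="token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed demo: $session stands in for $_SESSION, $post for $_POST.
$session = [];
$token = issue_token($session, 'profile');
echo hidden_field($token), "\n";

$post = ['token' => $token];
var_dump(check_token($session, 'profile', $post['token'] ?? null)); // genuine submit
var_dump(check_token($session, 'profile', $post['token'] ?? null)); // replay of the same token
issue_token($session, 'profile');
var_dump(check_token($session, 'profile', 'guessed-value'));        // POST without the real token
```

In a real page, call `session_start()` first and pass `$_SESSION` and `$_POST['token'] ?? null` in place of the stand-in arrays.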