Re: How to handle a submitted form with no changes -- best practices sought


 



On 09/12/2010 02:38 AM, Tamara Temple wrote:
> 
> On Sep 11, 2010, at 10:46 PM, Shawn McKenzie wrote:
>> It could however be a problem if there is a BOT or something that
>> continually submits to your page.  In that case (and in general) I would
>> recommend using a form token that helps guard against this.
> 
> I've seen this on some sites, but I'm unclear how to implement this.
> How is this generally done?
> 
> Thanks,
> Tamara
> 

You generate a token before you display the form, something like:
$token = md5(uniqid(rand(), TRUE));  Then stick this in a session var
and add it as a hidden input on your form.

Then on the receiving page check that the session token matches the
posted token.

viraj's idea sounds cool for your particular problem as well.

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
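
The form-token check described in the reply above, written out as an added example that is not part of the original thread. The function names and the `form_token` field name are hypothetical, the token comes from `random_bytes()` (PHP 7+) rather than `md5(uniqid(rand(), TRUE))`, and the token is treated as single-use so a replayed POST fails.

```php
<?php
// Added example, not from the thread. issue_form_token(), check_form_token()
// and the 'form_token' key are hypothetical names chosen for illustration.
session_start();

// Create a fresh token, remember it in the session, return it for the form.
function issue_form_token(): string
{
    // 32 bytes from the OS CSPRNG, hex-encoded so it is safe in an attribute.
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_token'] = $token;
    return $token;
}

// Compare the posted token with the session copy, then discard the session
// copy so the same token cannot be submitted twice.
function check_form_token(array $post): bool
{
    $expected = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);
    $posted = $post['form_token'] ?? null;
    if (!is_string($expected) || !is_string($posted)) {
        return false; // missing token, or an array was posted instead
    }
    return hash_equals($expected, $posted); // constant-time comparison
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!check_form_token($_POST)) {
        http_response_code(400);
        exit('Invalid or reused form token.');
    }
    // Token matched: handle the submitted fields here.
    exit('Form accepted.');
}

$token = issue_form_token();
?>
<form method="post" action="">
  <input type="hidden" name="form_token"
         value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
  <input type="text" name="comment">
  <input type="submit" value="Send">
</form>
```

The token rejects repeated or cross-site POSTs that do not carry the current session's value; a client that loads the form before every submission still receives a valid token, so rate limiting is a separate control.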


