Not sure if I posted about this yesterday, anyway new question. I'm building a multi page form. So I"m using hidden fields and echoing them to the next page in the loop. Now someone tells me this is dangerous. "because someone can save the final page (with most of the hidden values) locally, edit it, then load it and submit from it to your final page, overcoming ALL your previous validations. (yes, this is possible for someone that knows how to ditch the HTTP_REFERRER information)" So, a) guess I'd like to see if this is true. I thought HTTP_REFERRER was the server variable for grabbing everything before the script. Aside from that there is nothing in the URL. I see these forms quite a bit. What do people think ? Thank you, Stuart -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
