Regarding Session Variables - Can't the session be set to expire , so that if someone tried to reload later it would fail ? Stuart --- Frank Flynn <frankflynn@xxxxxxx> wrote: > Using hidden fields is not less secure than using > visible fields - or > session variables which were filled out by end user > input. > > Hidden fields can be modified but so can any other > field and you need > to check that the values you receive are expected > and proper before you > process them. There are probably some good articles > on this (better > than what I can come up with off the top of my head) > but for each field > you need to check: > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
