The other options might work better. But another solution would be to pass a hidden value from the form to the script, which would prevent people from just hitting the URL directly, though this like the other methods is easily spoofed as well, considering "hidden" values aren't really all that hidden. To make this method *slightly* better you can check to see if the request is from a POST method call, and only accept POSTs, but again this is spoofed very easily.
http://danconia.org t wrote: > I have now got my script to work off of my html form (thanks for all the >suggestions, turns out if > i take out the eq out of the if/then statements, it works), but i have found a >rather bizarre > problem. run against the html form it works fine, BUT, if i just try to run the cgi >script, it > just keeps running and fills up the error log with unitialized value errors over and >over. We have > constant idiots who keep running things against our server, and so i know we could >end up having > an overload if we are not careful. How do i get it to end if it didn't come from the >form>? > > thia > > > > __________________________________________________ > Do you Yahoo!? > Yahoo! News - Today's headlines > http://news.yahoo.com > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
