> should I use $ENV{HTTP_REFERER} to check wether a form was sent from my
> site.
> Because I don't want people to download my webpage, put a link to a form,
> and modify some of the forms so it can crash the script.(eventough i tried
> to protect from that).Enough error handling in your script will keep it from crashing. And if the script does crash, it's not you who suffers, it's hte idiot who's trying to link a form to it when all their users get an error 500 :) You could try using the script to generate the HTML and set a cookie on the clients machine, then when they hit submit have it post back into the same script which would then see the cookie and do a small weak authentication based on it, then return the results of the form. I would make a smaple but it's only 7am here, I should be sleeping still... Dennis Stout -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
