On Tue, 30 Apr 2002, Cal Evans wrote: > Generate a random number when creating a form, store it in the session and > in a hidden on the form. Then when the post comes back, make sure the hidden > is there and that it matches the one in the session.
That doesn't help, that I can tell - when the form is copied the hidden value will come with it. You could use it to allow each form to be submitted only once (change the random number each time, thus invalidating previous ones) but that will kill the back button and will still allow someone to submit a manipulated form once. miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
