> What other best practices are there to ensure nothing can happen?
One idea would be to add a unique variable in a hidden field to each
form. You would store the variable in a database and clear it when the
form was submitted. If a form was submitted and there was not a
matching variable the input would not be accepted. This would be one
way to avoid hacker/cracker/script-kiddies.
Then again, all they'd have to do is load the form, which would have a
valid variable in it, then do their funny stuff based off the variable.
I never said it was fool proof ;)
--
Damien McKenna - Web Developer - [EMAIL PROTECTED]
The Limu Company - http://www.thelimucompany.com/ - 407-804-1014
"Nothing endures but change." - Heraclitus
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
