I saw someone do a trick like that once, and a geeky spammer looked at the code and passed the hidden field with their bot code. 99.99% of the time a trick like this works, but its easy for a persistent scum bag to get by it.
I had the same problem and got around it by. > > 1. Setting a random 4 digit number at beginning of the form page as a > session variable and assigning this as a hidden form field. > > 2. On the thanks for contact, form processing page I check the value of > the > form var against the session var and if not the same the form is rejected. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:226260 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
