> How do I prevent someone from using their own form to submit > to my action page and skipping my javascript function to make > sure the data is well formatted?
If you want to make sure the input is well formed, you'll need to do that on the server side. Do not rely on JavaScript code to do this for you. Having said that, if you need to protect the form itself there are a few ways to approach that. One of the best would be to use a captcha. Another would be to check the cgi.http_referer variable on submission (though this can be easily spoofed if the person is determined enough). Embedding a hidden value into the form will help ensure the post came from your generated form, though it won't stop someone from turning off JavaScript and submitting the form with whatever values they want, so again, verify the input on the processing side in addition to any client-side script you're using. -- Justin Scott | GravityFree Member of the Technical Staff 1960 Stickney Point Road, Suite 210 Sarasota | FL | 34231 | 800.207.4431 941.927.7674 x115 | f 941.923.5429 www.GravityFree.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:320610 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
