in that case,
how bout setting a session variable on the form page (which can't be seen
using 'view source' on the form page) and then running a cfif on the post
page to see if the session variable is equal to whatever you told it to be.
if it is than proceed with the submit, if it isn't than spit out HTML code
that says 'error, this request was not submitted by the right page'.
again, the cfif code can't be seen when they view source so they shouldn't
be able to know what you're checking for.
or some combination of that, HTTP referer and the java suggestion.
>HTTP_REFERER can be easily spoofed. It is only a precaution - I'll bet that
>when you do that, even when you contact the other sites, they may *still*
>use your search afterwards.
>
>
>David L. Penton, MCP
>Consultant
>"Mathematics is music for the mind, and Music is Mathematics for the
>Soul. - J.S. Bach"
>[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
Andrea Loubier
[EMAIL PROTECTED]
Gothica Creative
Digital Media Specialists
1801 Laws Street
Dallas, Texas 75202
214.720.0884 voice
214.303.0698 fax
-------------------------------------------------------------------------
This email server is running an evaluation copy of the MailShield anti-
spam software. Please contact your email administrator if you have any
questions about this message. MailShield product info: www.mailshield.com
-----------------------------------------------
To post, send email to [EMAIL PROTECTED]
To subscribe / unsubscribe: http://www.dfwcfug.org
