Hey Tom, thanks again for replying. > That depends on what your dicky friend is doing to screw your code up. Dicky...nice name you picked pretty close to what I picked for him, but John Holmes picked something similar for himself so watch out or he could be mad at ya :-D I don't want to break the nice name you picked for this guy so from now on will refer to him as "prick". ;-))
> If you are passing ids' in the url or in post data then encode them. If he is inventing url > variables that happen to match ones you are using then setting them at the start will be enough Nope, in the url,$_post and hidden fields are the things that he has an option of legally changing....I checked those scripts thoroughly...its only the sessions where there's a problem. I'll make the "top changes" for now and after I read up on classes and am sure of what I am doing will add that class you gave me, because if I get strange results I really wont know where they are coming from and could disrupt normal client activity. Thanks again Tom for taking the time and being such a big help. Cheers, -Ryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php