For security, you can modify your code so that you check the $_POST elements instead of using the magic globals. That's all well and good. However, someone copy and save your HTML to their local machine, change some values, change the "Action" page of the form to be http://www.yoursite.com/form_page.php instead of "form_page.php". You'll be checking the $_POST elements but you won't have any idea that they were changed and posted from the user's local machine. Is there any way to determine from where the post request came from w/o using http_referer?
Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php