On Tue, 30 Apr 2002, Cal Evans wrote:
> Generate a random number when creating a form, store it in the session and
> in a hidden on the form. Then when the post comes back, make sure the hidden
> is there and that it matches the one in the session.
That doesn't help, that I can tell - when the form is copied the hidden
value will come with it.
You could use it to allow each form to be submitted only once (change the
random number each time, thus invalidating previous ones) but that will
kill the back button and will still allow someone to submit a manipulated
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php