On Tue, 30 Apr 2002, Cal Evans wrote:
> Generate a random number when creating a form, store it in the session and
> in a hidden on the form. Then when the post comes back, make sure the hidden
> is there and that it matches the one in the session.

That doesn't help, that I can tell - when the form is copied the hidden
value will come with it.

You could use it to allow each form to be submitted only once (change the 
random number each time, thus invalidating previous ones) but that will 
kill the back button and will still allow someone to submit a manipulated 
form once.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to