In addition to everything else discussed: 1. make sure the referring page (ie, the form) was as expected (ie, an address you trust). This may block a small % or users who's browser doesn't set a referrer string.
2. ensure that all values were submitted via $_POST, which will prevent the user from entering them directly into the URL Justin French -------------------- Creative Director http://Indent.com.au -------------------- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
