Colin McGuigan wrote:
> Ross Gohlke wrote:
> > I'm not sure I understand. How could a user send incorrect data types if
> > the types are included as hidden fields? Since the variables are
> > declared as coming from $_POST, they cannot send anything in the URL.
>
> Nothing stops anyone from copying the "View Source" of a webpage to a
> local file, modifying it as they wish, and then pointing their web
> browser at the local file and submitting from that.
Correct and another point to understand is that 'hidden' fields are not
hidden.
--
Until later, Geoffrey