Re: Form Design Advice

From Ross Gohlke
Subject Re: Form Design Advice
Date
Msg-id 50213.4.62.156.229.1109955624.squirrel@4.62.156.229
In reply to Re: Form Design Advice  (Colin McGuigan <cmcguigan@earthcomber.com>)
Replies Re: Form Design Advice  (Bruno Wolff III <bruno@wolff.to>)
List pgsql-novice
> > I'm not sure I understand. How could a user send incorrect data types if
> > the types are included as hidden fields? Since the variables are
> > declared as coming from $_POST, they cannot send anything in the URL.
>
> Nothing stops anyone from copying the "View Source" of a webpage to a
> local file, modifying it as they wish, and then pointing their web
> browser at the local file and submitting from that.

OK, fair enough. In fact, the hidden fieldtypes in the form are
unnecessary in addition to being unsafe. But you still have the correct
fieldtypes in the array you initially derived from your call, so you can
still prevent any funny business such as mentioned above.

Ross
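
The check discussed in this message, as an added example that is not part of the original post or the poster's code: submitted values are validated against a type map held on the server, and any type information sent by the client is never read. The `$fieldTypes` contents, the type labels and the `validateAgainstTypes` helper are hypothetical.

```php
<?php
// Added example. $fieldTypes stands in for the server-side array of column
// types; the field names and type labels here are hypothetical.
$fieldTypes = ['customer_id' => 'integer', 'active' => 'boolean',
               'signup_date' => 'date', 'name' => 'text'];

// Check each expected field against the server-side type. Keys the server did
// not define (such as a client-sent "*_type" hidden field) are never read.
function validateAgainstTypes(array $fieldTypes, array $post): array
{
    $clean = [];
    $errors = [];
    foreach ($fieldTypes as $field => $type) {
        $raw = $post[$field] ?? null;
        if (!is_string($raw)) {   // missing, or an array sent via name="x[]"
            $errors[$field] = 'missing or not a single value';
            continue;
        }
        $raw = trim($raw);
        $value = null;
        switch ($type) {
            case 'integer':
                $value = filter_var($raw, FILTER_VALIDATE_INT);
                $ok = ($value !== false);
                break;
            case 'boolean':
                $value = filter_var($raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
                $ok = ($value !== null);
                break;
            case 'date':   // strict ISO date; rejects rollovers like 2005-02-30
                $d = DateTime::createFromFormat('!Y-m-d', $raw);
                $ok = ($d !== false && $d->format('Y-m-d') === $raw);
                $value = $raw;
                break;
            case 'text':
                $ok = true;
                $value = $raw;
                break;
            default:       // unknown type in the map: fail closed
                $ok = false;
        }
        if ($ok) { $clean[$field] = $value; } else { $errors[$field] = "not a valid $type"; }
    }
    return [$clean, $errors];
}

// Constructed sample: a locally edited form changes a hidden type and a value.
$tampered = ['customer_id' => '12abc', 'customer_id_type' => 'text',
             'active' => 'yes', 'signup_date' => '2005-02-30', 'name' => 'Ann'];
[$clean, $errors] = validateAgainstTypes($fieldTypes, $tampered);
var_dump($clean, $errors);
```

Values that pass this check should still reach PostgreSQL as bound parameters (for example through `pg_query_params`) and not be concatenated into the SQL string.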





