Well one of the most prevelling arguements is not to trust anything in the $_SERVER global, something i sort of knew and wasn't planning on doing. Another thing i've noticed is the use php_self seems to have some issues under apache? From what i've read people use php_self and $_SERVER together to post back, and that's "asking for trouble." And then there is the action="" method, which some browsers don't like, and again, i wouldn't use. I propose a direct url to the same page for processing. Other than that i haven't found anything that states a huge concern with security. The data i'm sending is not sensitive like ssn or ccn or things of that nature. HTH, D!J!X! _____ From: programmingblind-bounce@xxxxxxxxxxxxx [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of Jared Wright Sent: Saturday, May 29, 2010 3:20 AM To: programmingblind@xxxxxxxxxxxxx Subject: Re: PHP Forms And self posting I'd be interested in anything you come up with that can explain why this might be a bad idea. I have always used them without much hesitation. On 5/29/2010 12:01 AM, D!J!X! wrote: Hey guys, i'm finishing up a site here and was just wondering, i've been reading online and it seems that some people strongly suggest against having php forms post back to themselves for error displaying and correction and processing. I can sort of understand why, but then again it seems that a lot of people are using it and recommend it, w3c included. Does anybody have any comments/opinions they can share that would help me shed some light on this matter? Self posting would make my life easier, but i have a solution that separates processing from the actual form page, except that there's a bit of code involved to redisplay the form with values filled in, error messages displayed etc. Any thoughts, comments, articles on the topic? THX, D!J!X!