<snip> Of course there is nothing intrinsic to forms to prevent someone from saving your POST form, changing it, and submitting the altered one. It's always a good idea to assume that you WILL receive values that you were not expecting. </snip> Agreed, unless you encrypt, its in the open.