The whole $_POST array still confuses me... This may sound real dumb, but how can I make sure that incoming form data comes from a specific webpage. IE: form_action.php checks that its variables are only coming from form.html.

if($_SERVER['HTTP_REFERER']=="page you want it to come from")
{
//execute code
}
else{
//tell them they can only come from wherever

Please note:
From the PHP Manual on the HTTP_REFERER $_SERVER property
This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

I don't believe there's really any method of doing this that's reliable. I could update any sort of Online Journal I had (if I had one) through my own form on my own server, as long as the form elements had the appropriate names.

So simply, yet so well hidden from newbies. Thank you kindly.


EDIT: Yes, but as I have my own server, I'm not worried about other forms on my server from using it. Is it still reliable to stop forms on other websites from using the script?