You can indeed make a form, but a "post" can also be tricked. This thread shows some solutions about this, especially the GET with some hashing mD5:
http://groups.google.com/group/cake-php/browse_thread/thread/76dfe9536d8a761e/2713f28a4995c203?lnk=gst&q=delete+get+method&rnum=10#2713f28a4995c203 On Jun 30, 5:25 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > Hi there, > > A newbie question, so sorry if this is easy. I had a look through the > forum and didn't see the answer. > > I have an area on my app where the user votes by clicking on an > image. Via AJAX, this updates a DIV with stats elsewhere on the > page. The link looks like this: > > http://domain.com/competitions/vote/27 > > How do I prevent someone from voting by manually entering this URL? > Should I change the voting area to a form? I noticed there was a > security component on the forum but some folks weren't happy with it. > > I'm sure everyone's had a similar situation in their app. How did you > go about securing it? > > Cheers, > Wilson --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---