I think you need to implement some kind of token system to ensure database search requests only originate from your site. For example see http://phpsec.org/projects/guide/2.html
It should NOT be possible to get XML for your database simply by looking at your form, and then typing a URL like http://www.example.com/database.php?name=mississippi The form should ensure that some authorisation token is sent, either by PHP session or maybe something like http://www.example.com/database.php?name=mississippi?token=AKD9SKD38ALDJ3F --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Maps API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Maps-API?hl=en -~----------~----~----~----~------~----~------~--~---
