i cant figure how to do want i want! arg! what i need to do is that a PHP file recieving $_POST data can check that the data came from the same server? its probably right in front of me...

if($_SERVER["HTTP_REFERRER"]!="url of your server")
echo ("This form is being used illegally");

Syntax may be a little off but you get the idea. Of course using HTTP_REFERRER isn't full proof though as some agents won't give up that info or allow the user to change that.

I would use a session variable that gets intialized with a distinct value on the page that contains the form.

And on the receiving page check if that value has been set and thus been associated to the current session. In this case start processing the $_POST data, while in the other case you issue an abuse message.

thanks guys but spooksters reply is the most relevent. i am making a RPG with php and the actions are initialised by using actions.php?action=attack (i have opted for get rather than post) so i thought that a person could initialize a variable then go to a local file and then send data and that session thanks would still be active spookster!