Hi,
How to I make the script to go back to the same webpage if hacker tries to change the GET variables at the URL query string? I have the validation code, I just don't know how to redirect back to the same page. I can use HTTP_REFERER if the user clicks from one page to the next, but what if the user change the url string in the browser address bar directly?

Many thanks.

The easiest way is probably to send some javascript, otherwise I think you'd have to keep track of the last page hit by each ip just for this minor functionality. Echo this in the header for the easy route:

<script type="text/javascript">
window.onload = history.back();
</script>