Originally Posted by Old Pedant
Surely the field userid in your database is a NUMBER? No???
Yes it was once...
Then I had a stack of users from same IP signup and send junk to everyone using some system to resend a form over and over with a different userid number! took ages to remove them all.
Not had a single spam message since changing it to a unique random hash ;-)