Interesting in that the generator for the Recatchpa is client-side and you are transmitting both syscode62 and usercode62 in clear.
Using POST is just not enough. Without some encryption decode server-side, this is next to useless and those using this approach would be easy targets for DOS attacks.
I would recommend looking at https://www.qirolab.com/posts/how-to...ple-1609071089 and use similar.
I would use a shedload of field validation client-side before ever allowing a POST operation.
Handling Customer data, as simple as the above is fraught, the main reason I rely on third-party forms as your data's safety is their guarantee for continuing to operate.
Acorn
Bookmarks