[eluser]drewbee[/eluser]
Also, when I am updating data in a form (editing), I always pull in the record in question. During the initial page load the query is run to get the default values. This same query is run even during the post-submit page to verify that the record is indeed theirs, and they can update it.
With that being said, if the user messes with the URL and tries to edit anything that isn't theirs (even after the post) they are automatically redirected to the create screen of the form.
And yes, I know this creates additional overhead, but it is in the name of integrity, and I am willing to take the risk of that one additional query.
Something else I do as well. Let's say I have a drop-down and that drop-down is populated from a database lookup. I also call these lookups on the post-submit page. I don't want user-submitted values in the database that are not exactly what they are supposed to be. Once again -- additional overhead in the name of integrity.
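The two checks described in the post above, as an added example that is not part of the original post and not drewbee's code: the ownership query is re-run on submit, and the drop-down value is checked against the same lookup that populated it. It uses plain PDO with an in-memory SQLite database; the table names, column names, function names and return strings are assumptions made for illustration.

```php
<?php
// Constructed schema and rows; every name here is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, owner_id INTEGER, category_id INTEGER, title TEXT)');
$db->exec("INSERT INTO categories VALUES (1, 'News'), (2, 'Help')");
$db->exec("INSERT INTO posts VALUES (10, 1, 1, 'Mine'), (11, 2, 1, 'Someone else')");

// Used on the initial page load and again on submit: the row comes back
// only when it belongs to the logged-in user.
function find_owned_post(PDO $db, int $postId, int $userId): ?array
{
    $st = $db->prepare('SELECT id, category_id, title FROM posts WHERE id = ? AND owner_id = ?');
    $st->execute([$postId, $userId]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The lookup that fills the drop-down, reused as the allow-list on submit.
function category_ids(PDO $db): array
{
    return array_map('intval', $db->query('SELECT id FROM categories')->fetchAll(PDO::FETCH_COLUMN));
}

function handle_edit(PDO $db, int $userId, $postId, array $post): string
{
    if (find_owned_post($db, (int) $postId, $userId) === null) {
        return 'redirect:create'; // record missing or not this user's
    }
    $categoryId = filter_var($post['category_id'] ?? null, FILTER_VALIDATE_INT);
    if ($categoryId === false || !in_array($categoryId, category_ids($db), true)) {
        return 'error:invalid category'; // value was never offered in the drop-down
    }
    // owner_id stays in the WHERE clause so the write itself is scoped too.
    $st = $db->prepare('UPDATE posts SET title = ?, category_id = ? WHERE id = ? AND owner_id = ?');
    $st->execute([(string) ($post['title'] ?? ''), $categoryId, (int) $postId, $userId]);
    return 'updated';
}

// Constructed requests from user 1: own record, another user's record, forged drop-down value.
echo handle_edit($db, 1, '10', ['title' => 'Edited', 'category_id' => '2']), "\n";
echo handle_edit($db, 1, '11', ['title' => 'Hijack', 'category_id' => '2']), "\n";
echo handle_edit($db, 1, '10', ['title' => 'Edited', 'category_id' => '99']), "\n";
```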