The easiest way would be to check CGI.HTTP_REFERER to see if it's your registration.cfm page. Another way to go about it would be to check for session values to make sure that a session value set on the initial page load matches the one currently in session. Something like this:
<cfparam name="Session.FormID" default="#CreateUUID()#" /> <cfif IsDefined("FORM.Fieldnames")> <!--- The form has been submitted ---> <cfparam name="FORM.FormID" default = "" /> <cfif FORM.FormID NEQ Session.FormID> <p>Bad user, not sent from our site.</p> <!--- Five them a new form id, just to make it a little harder ---> <cfset Session.FormID = CreateUUID() /> <cfelse> <!--- Continue processing your form ---> </cfif> </cfif> <!--- Lots of other code ---> <cfform> <!--- Lots of other form fields ---> <cfinput type="hidden" name="formid" value="#Session.FormID#" /> </cfform>
Hope that helps,
Adobe Community Expert
If security is a concern, keep in mind that headers can easily be messed with. You might want to try out the Tamper Data addon for Firefox to see what I mean. Even if the form was submitted from the correct page, it won't mean that your user input is clean and safe.If you haven't seen what can so easily be done, you are about to be terrified hehe... Form input is a great place for a blind SQL injection attack. Some times developers will cover url variables pretty well, but not cover form input so much.
Best practice is to assume that any and all user input is going to be used as an attack, and treat it accordingly.