Preventing CSRF Attacks
How Does It Work?
Message Board Revisited
Use POST rather than GET in forms
Turn off register_globals and use $_POST instead
Don't make important actions too easy
Try to force the use of your own forms
Learn from your peers!