Website security against email spammers

I use a series of php  pages to display information from the db. At the end of this series of pages I provide a contact page where the php script 1) goes to the db to retrieve the email address of the record owner and 2)  sends the contact info from the form to the record owner.

I didn't establish any sessions for any of these displays. I send the record ID number through the url for the displays and the contact form. I realize now that if someone iterated through the numbers and changed the url they could send every record holder an emaiol through the contact form. Hmmmm, not good.

So I need to secure this process and I am looking for suggestions. Should I put everything into a session? Or should I send an email to the sender for verification of each contact before sending the email to the record holder? This would ensure that any spammer would receive one spam for every one they sent (a minor consulation :)). Or should I make an md5 hash of the record ID and some other factor(s) and send it in addition to the record ID to verify it hasn't been tampered with?

Are there other methods that I could use? Which would be the most secure? easiest to install?

I assume you use GET to receive the ID - I'd suggest you use POST as this makes the ID and other variables invisible in the browser bar, store everything in a session.

What do you mean you show a contact form? Is this within when the user has already logged in? If so, a session would be the best way to deal with this problem.

Thanks artviper. I took your advice and used sessions.

Hi Frank,

using post variables will not show the ID inside the url but the script is still not protected against spam bots. Using sessions is a good idea.

just put all vars into an array, serialize the array store the var in a session and use unserialize on the next page