Previously I wrote about creating a single-use nonce — that is, a unique token that ensures a form was created on your Web server, and hasn’t been previously used — by leveraging MySQL.
That’s useful when you need to be sure not only that your server created a form, but also that the form cannot be resubmitted; for example, if you’re taking an order and don’t want to double-process it.
Sometimes, all you need to do is ensure that you created the form. There’s no harm in submitting it twice, or at least the damage would be minimal; for example, you’re asking a user to select some set of criteria, and on that basis, you’ll fetch some database records and show the results.
In those cases, all you really need to do is create a random string of characters and numbers, in a pattern known only to you, and encrypt that string so that all but the most determined cracker cannot easily replicate the pattern.
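One way to build such a reusable, stateless form token, as an added example that is not the author's code: it swaps the "encrypted pattern" described above for a keyed HMAC-SHA256 tag over a random string, so the token's validity depends on a server-side secret rather than on a hidden pattern. The names `SECRET_KEY`, `make_token`, `verify_token` and `form_id`, and the one-hour expiry, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a per-deployment secret held only on the server. This value is
# constructed for the example; load the real one from configuration.
SECRET_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE = 3600  # seconds a token stays valid (assumed policy, not from the post)


def _tag(form_id, rand, ts, key):
    # The tag binds the random string to one form and one issue time.
    msg = f"{form_id}|{rand}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_token(form_id, key=SECRET_KEY, now=None):
    """Return 'random.timestamp.tag' for a hidden form field."""
    rand = secrets.token_hex(16)  # CSPRNG output, not rand() or mt_rand()
    ts = str(int(time.time() if now is None else now))
    return f"{rand}.{ts}.{_tag(form_id, rand, ts, key)}"


def verify_token(token, form_id, key=SECRET_KEY, now=None, max_age=MAX_AGE):
    """True only if this server issued the token for this form, recently.

    Nothing is stored server-side, so a valid token can be submitted more
    than once until it expires; that is the trade-off the post accepts.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return False
    rand, ts, tag = parts
    expected = _tag(form_id, rand, ts, key)
    # Compare as bytes in constant time: no timing leak, and no TypeError
    # if the submitted tag contains non-ASCII characters.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False
    # The tag verified, so ts is the digit string this server wrote.
    age = (time.time() if now is None else now) - int(ts)
    return 0 <= age <= max_age
```
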