Search engines generally can't click buttons.

But what about following the "action" when the button is clicked? Basically, action = "/script/log_and_redirect.php" and the "log_and_redirect.php" script connects to the database, inserts into our clicks table, and then redirects the user to a third-party site. So even if the bot doesn't physically "click" the button, if it goes to the next script would it log it to my database and therefore inflate the number of actual clicks on my site? Thx!

There is always a possibility that some bots would see this address in the HTML, and attempt to request that page.

The best way to go about stopping this would be to 'robots.txt' exclude the script. This will stop most of the friendly bots from requesting the redirect script.

thank you!

In a way related to your question is probably this webmasterworld thread [webmasterworld.com], which reports googlebot trying to swallow a mysterious number of URLs with obviously arbitrary GET-Variables.

I'd second g1smd that this is quite improbable for the action-target-CGIs of POST forms. However, Receptional Andy in the above thread assumes some glitch in parts google's infrastructure as one possible cause for the mysterious behaviour in the crawl process. So you'll never know...

But may I raise a more serious question: If you are so unsure about this relatively basic knowledge on CGIs: Are you sure your script is hacker safe? Have you ever heard of mysql-injection-attacks and what did you undertake to protect against them?

most of our scripts do not call for user forms. instead, we use env variables for tracking purposes. for the forms where we do use user input, we use addslashes.

thanks for your help and patience.