I love the xkcd comic on SQL injection: http://xkcd.com/327/

In the yale case, it seems that the customer tried to modify the EULA with their email address. That doesn't seem to be the same method as used in traditional paper forms (ie. you cannot just write 'I dont agree to the TOS' as your first name when signing up for a bank account, you need to strikeout the provisions instead). Whereas, TOSAmend is passing along a new TOS via the POST parameters, which is already where the TOS acceptance is being indicated by the web server. (The analogous pre-web simile is crossing out a TOS provision)

Sanity, As my post says, I'm unaware of the legal precedent, so I can speak only as a technician: The analogy that I'm working with is that the recipient web server has the obligation of validating the TOS POST parameter and the entire POST form in order to accept (or reject) the users registration on behalf of the owners of their company. In a pre-web world, I wonder how much obligation is placed on say, a bank teller, who fails to notice a crossed-out term in a bank account obligation, and how that would translate to an online world. Best, Kevin