> >> $token = md5(uniqid(rand(), true));
> >>
> >> .. is a pretty bad idea, since the output could include quotes,
> >> newlines, low-ascii-characters, thereby messing up the form.
> >How do you figure that? md5() only returns 0-9 and a-f characters.
>
> From the manual: http://php.net/md5
> string md5 ( string str [, bool raw_output])
> "If the optional raw_output is set to TRUE, then the md5 digest is
> instead returned in raw binary format with a length of 16."
"true" is an argument to uniqid(), in that snippet:
string uniqid ( [string prefix [, bool more_entropy]])
You would run the risk of messing up the form with (sound of pipe organ)
*excessive entropy*.
---------------------------------------------------------------------
michal migurski- contact info and pgp key:
sf/ca http://mike.teczno.com/contact.html
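
The point settled in the exchange above, as an added example that is not part of the original messages: the position of `true` decides whether the token is 32 hex characters or 16 raw bytes. The function names `token_hex`, `token_raw` and `is_form_safe` are hypothetical and introduced only for this illustration.

```php
<?php
// Added illustration, not code from the thread. Function names are hypothetical.

// The snippet as posted: `true` is uniqid()'s more_entropy argument,
// so md5() runs with its default and returns 32 hex characters.
function token_hex(): string
{
    return md5(uniqid(rand(), true));
}

// The misreading: `true` moved one parenthesis out, where it becomes
// md5()'s raw_output argument and yields 16 raw bytes.
function token_raw(): string
{
    return md5(uniqid(rand()), true);
}

// True when the value consists only of 0-9 and a-f, i.e. it can sit
// unescaped inside a quoted HTML attribute.
function is_form_safe(string $value): bool
{
    return preg_match('/\A[0-9a-f]+\z/', $value) === 1;
}

$hex = token_hex();
$raw = token_raw();

printf("as posted : length %d, form-safe: %s\n",
    strlen($hex), var_export(is_form_safe($hex), true));
printf("raw_output: length %d, form-safe: %s\n",
    strlen($raw), var_export(is_form_safe($raw), true));

// Raw digests need encoding before they go into markup; bin2hex()
// restores the 0-9a-f alphabet.
printf("<input type=\"hidden\" name=\"token\" value=\"%s\">\n", bin2hex($raw));
```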
--
PHP General Mailing List (http://www.php.net/)