> >> $token = md5(uniqid(rand(), true)); > >> > >> .. is a pretty bad idea, since the output could include quotes, > >> newlines, low-ascii-characters, thereby messing up the form. > >How do you figure that? md5() only returns 0-9 and a-f characters. > > From the manual: http://php.net/md5 > string md5 ( string str [, bool raw_output]) > "If the optional raw_output is set to TRUE, then the md5 digest is > instead returned in raw binary format with a length of 16."
"true" is an argument to uniqid(), in that snippet: string uniqid ( [string prefix [, bool more_entropy]]) You would run the risk of messing up the form with (sound of pipe organ) *excessive entropy*. --------------------------------------------------------------------- michal migurski- contact info and pgp key: sf/ca http://mike.teczno.com/contact.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php