Peter Brodersen wrote:

$token = md5(uniqid(rand(), true));

.. is a pretty bad idea, since the output could include quotes,
newlines, low-ascii-characters, thereby messing up the form.

How do you figure that? md5() only returns 0-9 and a-f characters.


From the manual: http://php.net/md5
string md5 ( string str [, bool raw_output])
"If the optional raw_output is set to TRUE, then the md5 digest is
instead returned in raw binary format with a length of 16."

That "true" is the second parameter to uniqid(), not md5().

--

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
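
The distinction argued in this thread, as an added PHP example that is not part of any of the original messages: hex_token() is the call as posted, raw_token() is the misreading with true passed to md5() instead of uniqid(). The function names and the is_form_safe() helper are hypothetical, chosen for illustration.

```php
<?php
// Added illustration, not code from the thread. Function names are hypothetical.

// The call as posted: `true` sits inside uniqid()'s parentheses, so it is
// uniqid()'s second argument (more_entropy). md5() receives one argument
// and returns 32 lowercase hexadecimal characters.
function hex_token(): string
{
    return md5(uniqid(rand(), true));
}

// The misreading: with `true` moved outside uniqid(), it becomes md5()'s
// raw_output flag and the digest comes back as 16 raw bytes.
function raw_token(): string
{
    return md5(uniqid(rand()), true);
}

// Hypothetical check: does the value consist only of characters that cannot
// break an HTML attribute (exactly 32 of 0-9 and a-f)?
function is_form_safe(string $token): bool
{
    return preg_match('/\A[0-9a-f]{32}\z/', $token) === 1;
}

$hex = hex_token();
$raw = raw_token();

printf("hex token: %s (length %d, form safe: %s)\n",
    $hex, strlen($hex), is_form_safe($hex) ? 'yes' : 'no');

// The raw digest is shown through bin2hex() because its bytes may be unprintable.
printf("raw token: %s (length %d, form safe: %s)\n",
    bin2hex($raw), strlen($raw), is_form_safe($raw) ? 'yes' : 'no');

// Escaping at output time keeps the markup intact whatever the value contains.
echo '<input type="hidden" name="token" value="'
    . htmlspecialchars($hex, ENT_QUOTES) . '">' . "\n";
```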


