On this note - what is considered "best practice" in a "send to friend" type thing?

i.e. User inputs their name + message + email + friend's email into an HTML/Flash form

friend gets a link to read the message.

Currently I do this:

1. collect form input
2. create hash using the md5/uniqid method: $hash = md5(uniqid($key));
3. input data to database table using the hash as the primary key value
4. send email to friend with link containing the hash
5. user clicks on link
6. hash read in from the $_GET object
7. hash used to select message details from DB and displayed to the user

There's never a security issue here - i.e. I don't mind how many times / who reads the message, but just want to make it hard to just guess keys to read other messages (otherwise it would just be the DB id)

This method works for me, but is it the *right* way?

Thanks for any input

Cheers,

Guy

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
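
An added example, not part of the original post: one way to implement steps 2 to 7 with the link token drawn from PHP's random_bytes() (PHP 7+) instead of md5(uniqid()), since uniqid() is derived from the current time and md5() adds no unpredictability to it. The messages table, the h parameter, the example.test URL and the in-memory SQLite database (pdo_sqlite) are assumptions for illustration.

```php
<?php
// Added example, not the poster's code. Table, column and parameter names are hypothetical.
declare(strict_types=1);

function newMessageToken(): string
{
    // 16 bytes = 128 bits from the OS CSPRNG, hex-encoded to 32 URL-safe characters.
    return bin2hex(random_bytes(16));
}

function storeMessage(PDO $db, string $sender, string $body): string
{
    $token = newMessageToken();
    $stmt = $db->prepare('INSERT INTO messages (token, sender, body) VALUES (?, ?, ?)');
    $stmt->execute([$token, $sender, $body]);
    return $token;
}

function fetchMessage(PDO $db, $token): ?array
{
    // $_GET values can be arrays or arbitrary strings: accept only 32 lowercase hex chars.
    if (!is_string($token) || preg_match('/\A[0-9a-f]{32}\z/', $token) !== 1) {
        return null;
    }
    // Prepared statement: the token is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT sender, body FROM messages WHERE token = ?');
    $stmt->execute([$token]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data; in-memory SQLite so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (token TEXT PRIMARY KEY, sender TEXT, body TEXT)');

$token = storeMessage($db, 'Alice', 'Hello <b>friend</b>');
echo 'https://example.test/read.php?h=' . $token, "\n";   // placeholder URL for the email

$msg = fetchMessage($db, $token);   // in the real page this would be $_GET['h']
// Escape user-supplied text on output so the message cannot inject markup.
echo htmlspecialchars($msg['body'], ENT_QUOTES, 'UTF-8'), "\n";

var_dump(fetchMessage($db, "' OR 1=1 --"));        // NULL: malformed token rejected
var_dump(fetchMessage($db, ['x']));                // NULL: array input rejected
var_dump(fetchMessage($db, str_repeat('0', 32)));  // NULL: well-formed but unknown
```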