On 09/12/2010 02:38 AM, Tamara Temple wrote:
> On Sep 11, 2010, at 10:46 PM, Shawn McKenzie wrote:
>> It could however be a problem if there is a BOT or something that
>> continually submits to your page.  In that case (and in general) I would
>> recommend using a form token that helps guard against this.
> I've seen this on some sites, but I'm unclear how to implement this.
> How is this generally done?
> Thanks,
> Tamara

You generate a token before you display the form, something like:

    $token = md5(uniqid(rand(), TRUE));

Then stick this in a session var and add it as a hidden input on your form.

Then on the receiving page check that the session token matches the
posted token.

viraj's idea sounds cool for your particular problem as well.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
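
One way to implement the session/hidden-input check described in the reply above, as an added example that is not part of the original message. It swaps `md5(uniqid(rand(), TRUE))` for `random_bytes()` and compares with `hash_equals()`, and it consumes the token on first use so a repeated POST fails; the function names and the `form_token` field name are hypothetical.

```php
<?php
// Added example. issue_form_token(), check_form_token() and the 'form_token'
// key are hypothetical names, not taken from the thread.

/** Create a fresh token, store it in the session, return it for the hidden input. */
function issue_form_token(array &$session): string
{
    // random_bytes() is a CSPRNG (PHP 7+), used here in place of
    // md5(uniqid(rand(), TRUE)), whose inputs are time- and PRNG-derived.
    $token = bin2hex(random_bytes(32));
    $session['form_token'] = $token;
    return $token;
}

/** Compare the posted token with the session copy; each token is single-use. */
function check_form_token(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? null;
    $posted   = $post['form_token'] ?? null;
    unset($session['form_token']);          // consume it, so a replayed POST fails
    if (!is_string($expected) || !is_string($posted)) {
        return false;                       // no token issued, or form_token[] sent as an array
    }
    return hash_equals($expected, $posted); // constant-time string comparison
}

// Constructed demo. On a real page call session_start() first and pass
// $_SESSION and $_POST instead of these local arrays.
$session = [];
$token = issue_form_token($session);

// Form page: emit the token as a hidden input.
echo '<input type="hidden" name="form_token" value="',
     htmlspecialchars($token, ENT_QUOTES), '">', PHP_EOL;

// Receiving page: the first submit, the same POST replayed, and a guessed token.
$post = ['form_token' => $token];           // constructed POST body
var_dump(check_form_token($session, $post));
var_dump(check_form_token($session, $post));
var_dump(check_form_token($session, ['form_token' => 'guess']));
```

Because the token is removed from the session on every check, the form page has to issue a new one each time it is displayed, including when it is redisplayed after a validation error.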
