On Fri, 13 Aug 2004 12:39:07 -0700 (PDT), in php.general [EMAIL PROTECTED] (Chris Shiflett) wrote:
>http://shiflett.org/talks/oscon2004/php-security/36 $token = md5(uniqid(rand(), true)); .. is a pretty bad idea, since the output could include quotes, newlines, low-ascii-characters, thereby messing up the form. $token = md5(uniqid(rand() )); ought to be sufficient - and works with PHP4 :) -- - Peter Brodersen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php