> >> $token = md5(uniqid(rand(), true)); 
> >> 
> >> .. is a pretty bad idea, since the output could include quotes, 
> >> newlines, low-ascii-characters, thereby messing up the form. 
> >How do you figure that? md5() only returns 0-9 and a-f characters. 
> 
> From the manual: http://php.net/md5 
> string md5 ( string str [, bool raw_output]) 
> "If the optional raw_output is set to TRUE, then the md5 digest is 
> instead returned in raw binary format with a length of 16." 

The true is the second argument (more_entropy) for uniqid.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
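
Added example, not part of the original thread: the expression as posted, where `true` is `uniqid()`'s `more_entropy` argument and `md5()` returns hex, next to the form the quoted manual excerpt describes, where `true` is passed to `md5()` itself as `raw_output`. The function names and the `token` field name are hypothetical.

```php
<?php
// Added illustration, not code from the thread. Function names are hypothetical.

// The expression from the thread: `true` is uniqid()'s second argument
// (more_entropy); md5() gets one argument, so it returns a hex string.
function token_as_posted(): string
{
    return md5(uniqid(rand(), true));
}

// What the manual excerpt describes: `true` passed to md5() itself
// (raw_output), which yields a 16-byte binary digest.
function token_raw_digest(): string
{
    return md5(uniqid(rand(), true), true);
}

// True when the value consists only of lowercase hex digits and can be
// placed in an HTML attribute unchanged.
function is_form_safe(string $value): bool
{
    return preg_match('/\A[0-9a-f]+\z/', $value) === 1;
}

// Render a hidden field, escaping name and value for attribute context.
function hidden_field(string $name, string $value): string
{
    return sprintf(
        '<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES),
        htmlspecialchars($value, ENT_QUOTES)
    );
}

$hex = token_as_posted();
$raw = token_raw_digest();

printf("hex: %d chars, form safe: %s\n", strlen($hex), var_export(is_form_safe($hex), true));
printf("raw: %d bytes, form safe: %s\n", strlen($raw), var_export(is_form_safe($raw), true));

// A raw digest has to be encoded (here with bin2hex) before it goes into markup.
echo hidden_field('token', $hex), "\n";
echo hidden_field('token', bin2hex($raw)), "\n";
```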
