|
|
Posted by Good Man on 11/11/28 11:45
MaXX <bs139412@skynet.be> wrote in
news:e25ivo$17vf$1@talisker.lacave.net:
> Good Man wrote:
>> MaXX <bs139412@skynet.be> wrote in
>> news:e258nf$pbt$1@talisker.lacave.net:
>>> The problem is if I'm a nasty guy I just write my own form and
>>> delete any record I want (since I'm auth'd) by just sending another
>>> id.
>> in your database, add a column called "keystring" and index it.
>> populate it with 18 characters or so (write a PHP function that does
>> this at the same time you enter the info in the database). So, this
>> 'keystring' for record 1 might be '9jfhdsufs8ywre' while record 2
>> might be 'agsadgiwqegiqw'.
> It's the idea I have, but I need a to find a way to do this with an
> absolutly unique "keystring" (md5*/sha1??) to avoid duplicate (may be
> extremely rare, but this is the kind of bug you don't want to hunt one
> day ;-) ...)
to make a unique keystring, you could always md5 the current unix
timestamp.
if you're concerned about duplicates, load up the keystrings from the
database into an array and see if your newly generated one has any
duplicates with in_array()
Navigation:
[Reply to this message]
|