Posted by Oli Filth on 11/19/00 11:45

MaXX said the following on 19/04/2006 15:54:
> Good Man wrote:
>> MaXX <bs139412@skynet.be> wrote in
>> news:e258nf$pbt$1@talisker.lacave.net:
>>> The problem is if I'm a nasty guy I just write my own form and delete
>>> any record I want (since I'm auth'd) by just sending another id.
>> in your database, add a column called "keystring" and index it. populate
>> it with 18 characters or so (write a PHP function that does this at the
>> same time you enter the info in the database). So, this 'keystring' for
>> record 1 might be '9jfhdsufs8ywre' while record 2 might be
>> 'agsadgiwqegiqw'.
> It's the idea I have, but I need a to find a way to do this with an
> absolutly unique "keystring" (md5*/sha1??) to avoid duplicate (may be
> extremely rare, but this is the kind of bug you don't want to hunt one
> day ;-) ...)
>

You could define the keystring column as a unique index. If on your
first insert you get back an error (implying a duplicate), then you can
just modify the keystring and insert again. Repeat until success!

Of course, if this is the method you go for, then using some sort of
hash is redundant; you might as well just generate random integers or
strings of a suitable length.


--
Oli

[Back to original message]