dessolator Posted March 13, 2008 Share Posted March 13, 2008 Hi, I'm developing a quotation system for a friend but am getting a bit stuck. I'm trying to generate a random quote reference which I'm using a random password generator for. But I want to lookup in the database to ensure that the quote ID generated doesn't already exist but I'm getting really confused in how to do this as I'm fairly new to php. I'm not sure if it would be a for loop and how i'd operate it? I would really appreciate your help on this. I know that I have to query the database in the quote_id column for the id that has been generated, its just the bit after that where the quote number exists and I have to generate a new one. Cheers, Ian <? function random_quote($length) { srand(date("s")); $possible_charactors = "abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $string = ""; while(strlen($string)<$length) { $string .= substr($possible_charactors, rand()%(strlen($possible_charactors))),1); } return($string); } echo random_quote(; ?> Link to comment https://forums.phpfreaks.com/topic/96034-generate-random-quote-id/ Share on other sites More sharing options...
discomatt Posted March 13, 2008 Share Posted March 13, 2008 Is this a mysql database? Why not create a unique key column with auto_increment? Link to comment https://forums.phpfreaks.com/topic/96034-generate-random-quote-id/#findComment-491660 Share on other sites More sharing options...
dessolator Posted March 13, 2008 Author Share Posted March 13, 2008 Hi, thanks for your response it is a mysql database, I didn't want to use the auto increasement feature as I wanted the quote id's to be completely random so people can't guess that quote id's as this would make the system more secure. Cheers, ian Link to comment https://forums.phpfreaks.com/topic/96034-generate-random-quote-id/#findComment-491664 Share on other sites More sharing options...
discomatt Posted March 13, 2008 Share Posted March 13, 2008 Security through obscurity is not smart in any way. I'm really not sure how you plan on serving this data, but doing so solely on masked id is not smart. Reagrdless, check out UUID in the mysql functions http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_uuid Link to comment https://forums.phpfreaks.com/topic/96034-generate-random-quote-id/#findComment-491668 Share on other sites More sharing options...
BlueSkyIS Posted March 13, 2008 Share Posted March 13, 2008 i'm with discomatt. if there is a way for the user to retrieve secure information by brute force, there is a security issue, not a identifier issue. Link to comment https://forums.phpfreaks.com/topic/96034-generate-random-quote-id/#findComment-491670 Share on other sites More sharing options...
dessolator Posted March 13, 2008 Author Share Posted March 13, 2008 Thanks for your replies, yeah your right using masked id's are pointless, will just use the auto increasement feature in mysql then use a where statement where userid='34343' and username='user'. Thanks again, ian Link to comment https://forums.phpfreaks.com/topic/96034-generate-random-quote-id/#findComment-491679 Share on other sites More sharing options...
discomatt Posted March 13, 2008 Share Posted March 13, 2008 Yes, internal user validation is a much better way to do it. Glad we could help. Link to comment https://forums.phpfreaks.com/topic/96034-generate-random-quote-id/#findComment-491682 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.