dessolator Posted March 13, 2008 Share Posted March 13, 2008 Hi, I'm developing a quotation system for a friend but am getting a bit stuck. I'm trying to generate a random quote reference which I'm using a random password generator for. But I want to lookup in the database to ensure that the quote ID generated doesn't already exist but I'm getting really confused in how to do this as I'm fairly new to php. I'm not sure if it would be a for loop and how i'd operate it? I would really appreciate your help on this. I know that I have to query the database in the quote_id column for the id that has been generated, its just the bit after that where the quote number exists and I have to generate a new one. Cheers, Ian <? function random_quote($length) { srand(date("s")); $possible_charactors = "abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $string = ""; while(strlen($string)<$length) { $string .= substr($possible_charactors, rand()%(strlen($possible_charactors))),1); } return($string); } echo random_quote(; ?> Quote Link to comment Share on other sites More sharing options...
discomatt Posted March 13, 2008 Share Posted March 13, 2008 Is this a mysql database? Why not create a unique key column with auto_increment? Quote Link to comment Share on other sites More sharing options...
dessolator Posted March 13, 2008 Author Share Posted March 13, 2008 Hi, thanks for your response it is a mysql database, I didn't want to use the auto increasement feature as I wanted the quote id's to be completely random so people can't guess that quote id's as this would make the system more secure. Cheers, ian Quote Link to comment Share on other sites More sharing options...
discomatt Posted March 13, 2008 Share Posted March 13, 2008 Security through obscurity is not smart in any way. I'm really not sure how you plan on serving this data, but doing so solely on masked id is not smart. Reagrdless, check out UUID in the mysql functions http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_uuid Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted March 13, 2008 Share Posted March 13, 2008 i'm with discomatt. if there is a way for the user to retrieve secure information by brute force, there is a security issue, not a identifier issue. Quote Link to comment Share on other sites More sharing options...
dessolator Posted March 13, 2008 Author Share Posted March 13, 2008 Thanks for your replies, yeah your right using masked id's are pointless, will just use the auto increasement feature in mysql then use a where statement where userid='34343' and username='user'. Thanks again, ian Quote Link to comment Share on other sites More sharing options...
discomatt Posted March 13, 2008 Share Posted March 13, 2008 Yes, internal user validation is a much better way to do it. Glad we could help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.