unique generated values not matching ??

11-21-2007, 11:48 AM
Hello forums
I had used the following function in order to prevent form spoofing.

function getSecurityCode(){
    $_SESSION['sess_security_code'] = md5(uniqid(rand(), true));
    return $_SESSION['sess_security_code'];
}

and I had used that session's value in a hidden field of a form as

<input type="hidden" name="security_code" value="<?=getSecurityCode()?>">
and checked when the form is submitted as

if(isset($_POST['security_code']) && $_POST['security_code'] == $_SESSION['sess_security_code']){
    //submission goes here..
}
but the problem is:
the two values never match, i.e. they are different, and it's amazing.
I don't know what's gone wrong with my code.
Any help and suggestions are warmly welcome.

11-21-2007, 12:11 PM
Use strcmp() instead of ==

if(isset($_POST['security_code']) && strcmp($_POST['security_code'],$_SESSION['sess_security_code'])==0)
(Ensure that session_start() is called in both of your pages)

11-21-2007, 01:11 PM
My guess is that getSecurityCode() is called again on the page, either when the form is output or when the form is submitted. You would need to post your actual code to get help with what it is doing.
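
The failure mode guessed at in the last reply, shown as an added example that is not code from any poster in this thread: a generator that overwrites the session token on every call, next to one that creates it once and a validator that compares it safely. Assumptions: getSecurityCodeOnce() and isValidSecurityCode() are hypothetical names, $_SESSION and the posted data are simulated as plain arrays so the script runs from the CLI on PHP 7 or later, and random_bytes() and hash_equals() are swapped in for md5(uniqid(rand())) and ==.

```php
<?php
// Constructed simulation: $_SESSION and the posted data are plain arrays,
// so this runs from the CLI without session_start() or a web server.
$_SESSION = [];

// The generator from the first post: every call overwrites the stored token.
function getSecurityCode() {
    $_SESSION['sess_security_code'] = md5(uniqid(rand(), true));
    return $_SESSION['sess_security_code'];
}

// Hypothetical replacement: create the token once per session, then reuse it.
function getSecurityCodeOnce() {
    if (empty($_SESSION['sess_security_code'])) {
        // CSPRNG output instead of md5(uniqid(rand())), which is guessable.
        $_SESSION['sess_security_code'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['sess_security_code'];
}

// Hypothetical validator: accepts strings only, compares in constant time.
function isValidSecurityCode(array $post) {
    $sent   = $post['security_code'] ?? null;
    $stored = $_SESSION['sess_security_code'] ?? null;
    return is_string($sent) && is_string($stored) && $stored !== ''
        && hash_equals($stored, $sent);
}

// Case 1: the form is rendered, then the generator runs a second time
// (for example in the submit handler) before the check.
$inForm = getSecurityCode();
getSecurityCode();
$regenerated = isValidSecurityCode(['security_code' => $inForm]);

// Case 2: same call sequence with the generate-once version.
$_SESSION = [];
$inForm = getSecurityCodeOnce();
getSecurityCodeOnce();
$reused = isValidSecurityCode(['security_code' => $inForm]);

// Case 3: an array-valued field (security_code[]=x) must not pass.
$arrayField = isValidSecurityCode(['security_code' => ['x']]);

printf("regenerated token accepted: %s\n", var_export($regenerated, true));
printf("reused token accepted:      %s\n", var_export($reused, true));
printf("array field accepted:       %s\n", var_export($arrayField, true));
```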