[SOLVED] Create unique temporary file name

Dafydd · 12-02-2013, 07:37 PM

If I have this hidden line in a form action function, will 'id' be sent to "do_whatever.php".

Code:

<form action="do_whatever.php" method="get">
 <input blah blah blah>
 <input blah blah blah>
 <input blah blah blah>
 <input type="hidden" name="id" value="<?=uniqid('', true)?>" />
 <input type="submit" value="Submit" />
</form>

Then in "do_whatever.php" I can:

Code:

$tempIDnumber = $_GET['id'];\

And do whatever I require with that number.

I'm reading from
http://stackoverflow.com/questions/5...ue-id-with-get

I read several other Google places, they said: a) This could not be done. b) This was not the way to do this but gave no alternative.
Then I found this which seems reasonable.

So I asking the question my self.

Ser Olmy · 12-02-2013, 07:53 PM

I'm not sure it's all that reasonable to trust data being (re-)posted from a hidden input in a form. Wouldn't it mean that someone could post a form to do_whatever.php with an "id" value of their choosing and cause all kinds of trouble, including overwriting date generated by another session, or ever worse, gain access to data from another (perhaps authenticated) session?

(Disclaimer: Yes, I've done exactly this to fool a web application into believing I had a valid session when in fact I did not. I am not responsible for any legal trouble anybody may get into should they choose to do something similar.)

If the idea is simply to generate a unique temporary file, wouldn't using tempnam be a better and safer approach?

NevemTeve · 12-03-2013, 05:12 AM

Methinks $_SESSION would be a better space to store session-specific data.

Dafydd · 12-03-2013, 02:59 PM

Quote:

Originally Posted by Ser Olmy

If the idea is simply to generate a unique temporary file, wouldn't using tempnam be a better and safer approach?

I did not find how many entities tempnam can have in existence at one time. Would 2000 plus be unrealistic? How many unique file names could it produce in 1 second?

What I want to do:
a) Person comes to website, Enters date, city, state, which is sent via a 'form action' to a function.
b) Function sends to another function which, creates a 'unique file name' and sends this 'unique file name' along with 'date, city, state' to another file.
c) Another file searches for the closest 50 towns to 'city, state', writes them to 'unique file name' pre-pending the date.
d) A search function uses the information created by 'Another file' to search a large data base for matches.
Printed to the screen, it might look something like this.

Quote:

07/21/2013,Houston, TX,Raina rose,artistwebsite.html,venuewebsite.html
07/21/2013,The Woodlands, TX,Rebecca Loeby,artistwebsite.html,venuewebsite.html
07/21/2013,Huntsville, TX,Kacie Jones,artistwebsite.html,venuewebsite.html
07/21/2013,Galveston, TX,Susan Gibson,artistwebsite.html,venuewebsite.html

When everything has been written to the screen, 'unique file name' is removed.

NevemTeve · 12-05-2013, 10:55 AM

That's what $_SESSION is good for.

Dafydd · 12-08-2013, 02:24 AM

Quote:

Originally Posted by NevemTeve

That's what $_SESSION is good for.

After thinking about this and doing some Google search, I probably should go this route.

I need to get on the learning curve truck again. I will close this thread out and start a new one next week.

Thanks for getting me headed in the right direction.
Dave