0

I have a messages table that auto increments and I simply want to able to capture the auto-incremental ID number and store it along with a randomly generated code. I would then use this code to spit out entire pages. For example, let's say the users just updated a new message and the auto-increment message ID is 429. I want to be able to store that 429 and add a 5 digit code to the end so that message gets the 429 ID automatically but also has an identifier in its column with a code like, 429mUwIz.

I would then have a public page that would take that code and show the specific message. So if you were to go to www.example.com/429mUwIz, it would show you the message entered. I obviously need the 5 randomized generator so users couldn't directly go to www.example.com/1, www.example.com/2 and abuse the system.

So what would be the best way to come up with such a code and I know that mysql_insert_id won't work since I need the ID stored with the insert.

Attached is an example of exactly how Path has created such a system. Their letters are also case-sensitive if that helps.

https://path.com/p/2BTxys

Thanks.

EDIT: What's the best way to create this random 5 key code also. Sorry.

user1011713
  • 281
  • 5
  • 23
  • Use `mysql_insert_id` maybe. http://php.net/manual/en/function.mysql-insert-id.php – web-nomad May 15 '12 at 15:10
  • This has been answered by RobertPitt http://stackoverflow.com/questions/5422065/php-random-url-names-short-url – Paolo_Mulder May 15 '12 at 15:12
  • @Pushpesh did you even read the question ? – Manse May 15 '12 at 15:13
  • As a quick way to deter casual attempts to browse messages by changing the URL, have you thought about making sure that the `HTTP_REFERER` field in REQUEST is set to a page on your site? If someone changes the ID in the URL, the field is empty, but if they follow a link, it's fine.... It's not perfect, but it will make casual browsing impossible. – andrewsi May 15 '12 at 15:21
  • @andrewsi never thought of that, thanks for the great suggestion. Also thanks for the link Paolo_NL_FR, definitely looking into that. – user1011713 May 15 '12 at 15:24

2 Answers2

2

You can query for it 

$r = mysql_query("SHOW TABLE STATUS LIKE 'table_name' ");
$row = mysql_fetch_array($r);
$Auto_increment = $row['Auto_increment'];

This retrieves the next auto increment id ... docs for SHOW TABLE STATUS here

And to generate a 5 character random string use 

$rand = substr(md5(microtime()),rand(0,26),5);

Uses microtime() and md5 to produce a hash and then grabs a random 5 characters ..... It doesn't need to be unique as you are using the auto increment id with it ...

Manse
  • 37,765
  • 10
  • 83
  • 108
0

You can avoid that, I mean, you don't have to store the AUTO_INCREMENT id along the random code. Store the random code alone in its own column, then check for it when users ask a page. If there is no match between ID and random code, do not display the page.

At the moment, I can assume you are querying for a Path using:

SELECT * FROM Paths WHERE key = '429mUwIz'

But this is exactly equivalent to:

SELECT * FROM Paths WHERE id = '429' AND key = 'mUwIz'

You just have to split ID and KEY from the URL. You can do this by consider all numbers as ID part, and all letters as KEY part.

lorenzo-s
  • 16,603
  • 15
  • 54
  • 86
  • I thought about this but how could I be sure that the randomly generated code isn't a duplicate? I know that having for example only letts and a 5 character code would generate almost 12 million combinations but these are status updates basically and I could always generate a duplicate couldn't I? – user1011713 May 15 '12 at 15:15
  • @user1011713 Why you have to be sure it's not a duplicate? What is the difference to have a record with `ID: 429, KEY: mUwIz` or `ID: 429, KEY: 429mUwIz`. None. You have just to change the query for accessing data (see answer edit). – lorenzo-s May 15 '12 at 15:18
  • I see what you mean. Thanks for the suggestions. – user1011713 May 15 '12 at 15:24