Also, if you decide to use serialize() and unserialize() through the post variables (I'd recommend against using it in the query URL because some browsers have a limit as to how much data they can fit into it), you should consider encrypting it in some way or at least appending an encrypted CRC to it. This is to prevent a malicious user from modifying the contents of the array in a way that may be dangerous to PHP or to your code. Take a look at these functions: http://www.php.net/manual/sk/printwn/function.crc32.php Calculates a CRC http://ca.php.net/manual/en/ref.mcrypt.php Family of extensions that provide encryption capabilities (not available on Win32, I believe) -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
