How to enctypt URL ? like page.php?id=XXXXXXXXXXXXXXXXXXXXXXX

[ankur0101]

Hi friends,

I have a question.

You have always seen gmail.com

When you open it, it shows some long code in address bar. I know thats URL encryption.

How can I do that ? I know there is a class called base64_encode which can make it, but dont know how to make it .....

 

I have a page like

 

result.php?roll_no=1

 

I want to make it into

 

result.php?roll_no=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 

How to do that ?

[mrMarcus]

thing is, encrytping a string is one thing, reading from that encrypted string is another.

 

what are you using this for?

[ILMV]

Well, question #1, do you want to make the id value impossible for others to read? if so, base64 isn't for you, as it can easily be reverse (Google search base64 decoder). You would need to use an encryption technique where you give it a password and only your password can decrypt it.

 

I am unsure if there is a function to do so, but it sounds like that's what you need.

 

 

ILMV

[JonnoTheDev]

I know there is a class called base64_encode which can make it, but dont know how to make it

 

eh?

 

Why not just check the php manual rather than guessing.

To encode & decode:

$string = 1;
// encode $string
$encoded = strtr(base64_encode(addslashes(gzcompress(serialize($string),9))), '+/=', '-_,');

// decode $encoded
$decoded = unserialize(gzuncompress(stripslashes(base64_decode(strtr($encoded, '-_,', '+/=')))));

[ankur0101]

Hey guys, can I use mhash() or md5() here ?

Is it possible ?

[JonnoTheDev]

Hey guys, can I use mhash() or md5() here

 

I don't know why you are attempting to implement such a function. Why would you need to encrypt url parameters? You should not be passing anything through the url that could compromise your program. A simple mod-rewrite regex can validate the parameters are of the correct type. If you used md5() or any other encryption then you have no way of decrypting the values on the resulting page.

 

You should validate URL parameters - not encrypt them

[ankur0101]

How to do that ?

[JonnoTheDev]

How to do that ?

 

Mod Rewrite - Check out the mod rewrite forum boards or look at http://www.easymodrewrite.com/ for a simple tutorial.

 

Validating url parameters:

// this is an example url
http://www.xyz.com/index.php?id=1

// index.php

// the value of $_GET['id'] must be numeric. If it isn't throw a 404 header or die
// i.e. http://www.xyz.com/index.php?id=abc - will not execute
if(!is_numeric($_GET['id'])) {
 exit();
}

// now I will use the value in an sql query - if no records are returned throw a 404 header
$result = mysql_query("SELECT * FROM table WHERE id='".mysql_real_escape_string($_GET['id'])."'");
if(!mysql_num_rows($result)) {
header("HTTP/1.0 404 File Not Found");
die("File not found");
}