Jump to content

How to enctypt URL ? like page.php?id=XXXXXXXXXXXXXXXXXXXXXXX


Recommended Posts

Hi friends,

I have a question.

You have always seen gmail.com

When you open it, it shows some long code in address bar. I know thats URL encryption.

How can I do that ? I know there is a class called base64_encode which can make it, but dont know how to make it .....

 

I have a page like

 

result.php?roll_no=1

 

I want to make it into

 

result.php?roll_no=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 

How to do that ?

Well, question #1, do you want to make the id value impossible for others to read? if so, base64 isn't for you, as it can easily be reverse (Google search base64 decoder). You would need to use an encryption technique where you give it a password and only your password can decrypt it.

 

I am unsure if there is a function to do so, but it sounds like that's what you need.

 

 

ILMV

I know there is a class called base64_encode which can make it, but dont know how to make it

 

eh?

 

Why not just check the php manual rather than guessing.

To encode & decode:

$string = 1;
// encode $string
$encoded = strtr(base64_encode(addslashes(gzcompress(serialize($string),9))), '+/=', '-_,');

// decode $encoded
$decoded = unserialize(gzuncompress(stripslashes(base64_decode(strtr($encoded, '-_,', '+/=')))));

Hey guys, can I use mhash() or md5() here

 

I don't know why you are attempting to implement such a function. Why would you need to encrypt url parameters? You should not be passing anything through the url that could compromise your program. A simple mod-rewrite regex can validate the parameters are of the correct type. If you used md5() or any other encryption then you have no way of decrypting the values on the resulting page.

 

You should validate URL parameters - not encrypt them

How to do that ?

 

Mod Rewrite - Check out the mod rewrite forum boards or look at http://www.easymodrewrite.com/ for a simple tutorial.

 

Validating url parameters:

// this is an example url
http://www.xyz.com/index.php?id=1

// index.php

// the value of $_GET['id'] must be numeric. If it isn't throw a 404 header or die
// i.e. http://www.xyz.com/index.php?id=abc - will not execute
if(!is_numeric($_GET['id'])) {
 exit();
}

// now I will use the value in an sql query - if no records are returned throw a 404 header
$result = mysql_query("SELECT * FROM table WHERE id='".mysql_real_escape_string($_GET['id'])."'");
if(!mysql_num_rows($result)) {
header("HTTP/1.0 404 File Not Found");
die("File not found");
}

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.