1

I would like to mask ID passed through URL in PHP. For Example i want to transform this :

<a href="userprofile.php?id="26">

in something like 

<a href="userprofile.php?ID=762378207367">
hassan
  • 7,812
  • 2
  • 25
  • 36
DaMatt91
  • 544
  • 1
  • 7
  • 18
  • 3
    by [encrypting](http://stackoverflow.com/questions/tagged/encryption+php) it . – hassan Mar 03 '17 at 16:07
  • create random key for encryption and store it in session. Use it to encrypt and decrypt things. – Dimi Mar 03 '17 at 16:09
  • I think this question is too broad because it really depends on your application, how secure you need this ID to be, etc. You can indeed encrypt, or you could generate a random ID for each user and store it in the db, etc. – laurent Mar 03 '17 at 16:13
  • This seems like an XY problem. Maybe what you want to do is create a unique key that's not sequential. Whenever a new user registers, assign them a random number between 1000000 and 9999999. Then use this number to identify users instead of the actual primary key used in your database. – Dave Chen Mar 03 '17 at 16:20
  • What have you tried? Please make sure to [ask a good question](http://stackoverflow.com/help/how-to-ask) before asking. – Condorcho Mar 03 '17 at 16:32

2 Answers2

2

Base64 decode/encode will do the work. What is base 64 encoding used for?

When you have some binary data that you want to ship across a network, you generally don't do it by just streaming the bits and bytes over the wire in a raw format. Why? because some media are made for streaming text. You never know -- some protocols may interpret your binary data as control characters (like a modem), or your binary data could be screwed up because the underlying protocol might think that you've entered a special character combination (like how FTP translates line endings).

So to get around this, people encode the binary data into characters. Base64 is one of these types of encodings. Why 64? Because you can generally rely on the same 64 characters being present in many character sets, and you can be reasonably confident that your data's going to end up on the other side of the wire uncorrupted.

Credits: @Dave Markle

Usage: <?php $encodedVar = base64_encode($var); ?>

Community
  • 1
  • 1
Roy Bogado
  • 4,299
  • 1
  • 15
  • 31
0

This solves the problem of masking the ID but doesn't do it in the specific way you asked.

You could use a button in a form (which will look just like a link with the right CSS) and POST it:

<form method="POST" action="userprofile.php">
    <input name="id" type="hidden" value="1"><!-- holds id -->
    <button type="submit">View profile</button>
</form>

Just make sure userprofile.php accepts POST.

inorganik
  • 24,255
  • 17
  • 90
  • 114