9

I used the solution accepted for this question for encrypting by id, for example in /index.php?id=3. The problem is I cannot send the encrypted value in a URL, for example /index.php?id=dsf13f3343f23/23=, because sometimes it will have weird characters in the URL, e.g. notice the = sign at the end.

Imran Omar Bukhsh
    @Michael J.V. : Would like to encode the key to stop people from crawling our data by looping through the ids. What's wrong with it? What's the best / better solution? – Imran Omar Bukhsh Apr 17 '11 at 10:18

4 Answers

21

The weird characters in the values passed in the URL should be escaped, using urlencode().


For example, the following portion of code :

echo urlencode('dsf13f3343f23/23=');

would give you :

dsf13f3343f23%2F23%3D

Which works fine, as an URL parameter.


And if you want to build a query string with several parameters, take a look at the http_build_query() function.

For example :

echo http_build_query(array(
    'id' => 'dsf13f3343f23/23=',
    'a' => 'plop',
    'b' => '$^@test', 
));

will give you :

id=dsf13f3343f23%2F23%3D&a=plop&b=%24%5E%40test

This function deals with escaping and concatenating the parameters itself ;-)

Treffynnon
Pascal MARTIN
  • Hey Pascal! May I ask you a simple question: when we have an encoded URL with characters like ' it gives us %27, now are there any security concerns about these percent numbers? Or any other problems with URL encoding besides that the %27 looks very ugly. – Wael Assaf May 06 '17 at 17:17
4

Use PHP's urlencode() function to encode the value before you put it into a URL.

string urlencode ( string $str )
This function is convenient when encoding a string to be used in a query part of a URL, as a convenient way to pass variables to the next page.

This function converts "weird" characters, such as =, into a format safe to put into a URL. You can use it like this:

header('Location: /index.php?id=' . urlencode($id));
Lucas Jones
4

If you use Base64 to encode the binary value for the URL, there is also a variant with URL and filename safe alphabet.

You can use the strtr function to translate from one alphabet to the other:

$base64url = strtr($base64, '+/', '-_');
$base64 = strtr($base64url, '-_', '+/');

So you can use these functions to encode and decode base64url:

function base64url_encode($str) {
    return strtr(base64_encode($str), '+/', '-_');
}
function base64url_decode($base64url) {
    return base64_decode(strtr($base64url, '-_', '+/'));
}

See also my answer on What is a good way to produce a short alphanumeric string from a long md5 hash?

Gumbo
  • I've implemented this so many times and seems to be easiest way (if you still want to go this route). – TCB13 Apr 30 '13 at 14:54
  • @Gumbo There is an extra closing parenthesis in your base64url_encode function. – PeterA Nov 23 '21 at 22:32
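
An added example, not part of any answer on this page: translating only + and / with strtr leaves the trailing = padding in the value, which is the character the question ran into. This sketch drops the padding on encode and treats the decoded parameter as untrusted input; the function names and the sample bytes are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; not taken from the answers above.

// Encode raw bytes as unpadded base64url: '+' -> '-', '/' -> '_', trailing '=' dropped.
function b64url_encode_nopad(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Decode an untrusted base64url value taken from the query string.
// Returns the raw bytes, or null when the input is not valid unpadded base64url.
function b64url_decode_strict(string $token): ?string
{
    // Accept only the URL-safe alphabet; '+', '/', '=' and whitespace are refused.
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $token)) {
        return null;
    }
    // base64 never produces a length of 4n+1 characters.
    if (strlen($token) % 4 === 1) {
        return null;
    }
    // Put back the padding that was stripped on encode, then decode in strict mode.
    $padded = strtr($token, '-_', '+/') . str_repeat('=', (4 - strlen($token) % 4) % 4);
    $bytes = base64_decode($padded, true);
    return $bytes === false ? null : $bytes;
}

// Constructed sample: four bytes whose standard base64 form contains '+', '/' and '='.
$raw = "\xfb\xff\xfe\x3e";
echo base64_encode($raw), "\n";        // standard alphabet, padded
$token = b64url_encode_nopad($raw);
echo $token, "\n";                     // URL-safe alphabet, no padding

// Round trip through the strict decoder.
var_dump(b64url_decode_strict($token) === $raw);

// Constructed negative case: the value from the question, which contains '/' and '='.
var_dump(b64url_decode_strict('dsf13f3343f23/23='));
```

The result of the decoder still has to go through whatever decryption and authorization check the application applies to the id; a value that decodes cleanly is only well-formed, not trusted.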
1

There is no use in encrypting parameters.
Send it as is:

/index.php?id=3 

nothing wrong with it.

Your Common Sense