salt and hash encryption/decryption for links

Question

ok, so i have some links that will be generated for some ads on my website via php. Now the problem i have is simply i understand how md5 works and it's not an encryption and it can not be re-rendered in its rarest form..... i have some mysql ids that i want to use as the data to select witch ad to query the database for , but i do not want my users to have access to the ads id..... so i was hoping someone could show me how to use the hash/salt method in this case..... Please note: i have been looking through this site for this answer and i see people time and time again say salt/hash is not encryption i understand that but its not as simple to attempt to hack my site if the links were hashed as they would be if they were just simple integers.

php script:

<?
function SuperAd($id){
    $sql = mysql_query("SELECT * FROM `ads` WHERE `id`= $id");
    while($ad = mysql_fetch_array($sql)){
        $title = $ad['title'];
        // here is where i want to encrypt 
        $adlink = $ad['id'];
    }
}
?>

Your question is not at all clear. What it is that you want to perform the hash on? And when? — Oliver Charlesworth, Dec 24 '11 at 23:46
I don't understand how an attacker could hack your site just by knowing the ad id? — Audun Larsen, Dec 24 '11 at 23:50
@xqus It's easy, actually: just use an id of `1; drop ...` ^^ — , Dec 24 '11 at 23:52
I think you are simply looking for a unique, random id for each ad, not necessary for *encrypting* a numeric id. — deceze, Dec 25 '11 at 00:55
@josh this is the main reason im starting to dislike stack .... if you dont have nothing nice to say then dont say nothing at all. obviously i don't know or i wouldn't ask a question — Youngnate DaGreat, Dec 25 '11 at 01:32

score 2 · Accepted Answer · edited May 23 '17 at 11:55

2

Adding salt is just a securer addition to hashing. And hashing is one way only. It sounds like you want some way of encrypting your $ad['id'], so that instead of users seeing:

/viewad/1/

they see:

/viewad/12lk3jx09c8faf/

right?

Just Google for some quick encryption / decryption algorithms.

EDIT: Here is a quick S.O. question that may help you:

Best way to use PHP to encrypt and decrypt passwords?

edited May 23 '17 at 11:55

Community

1
1

answered Dec 24 '11 at 23:52

Josh

12,448
10
74
118

Although there is not an inherent reason to use encryption... there are numerous ways to map external values to an internal ID... the methods that used a nonce *could* actually be potentially "more secure" than encryption. – Dec 24 '11 at 23:54
I agree. Two way encryption seems like a better choice. If not you also need to store the hash in the db, and then.. you could just used the id. – Audun Larsen Dec 24 '11 at 23:56

score 1 · Answer 2 · answered Dec 25 '11 at 01:22

1

You could solve your problem by using a row guid which would be unique & non guessable without having to do a hash

answered Dec 25 '11 at 01:22

Toby Allen

10,997
11
73
124

salt and hash encryption/decryption for links

2 Answers2