tclogo



HotelsCombined.com

Pages

Archives

Categories


Recent Postings

Recent Comments

Feeds

RSS2 feed

Links

Most Popular Posts

Simple URL encoding using PHP

Friday, 6th March 2009 10:24pm
There are times when I don't want to show the IDs used in query string parameters and what I to do is to use simple URL encoding.


Let me state that this type of encoding is not meant to hide some sensitive data or as a security measure but meant to avoid showing a casual user the IDs being used in a query string so that the user does not try to navigate the site by simply changing parameters in a query string.


If the user really wants to know what IDs are being used I am sure it wont take them long to figure out.


So say its an application passing the driverid(id1) and teamid(id2) in a query string and I don't want to show these in the query string a simple way to achieve that in PHP is to use base 64 encoding.


I find it useful to choose a delimiter especially when they are more than one query string parameters in the originating page.


So say you have two parameters id1 and id2 in the form http://www.mysite.com/test2.php?id1=1234&id2=5678,
coming from test1.php page, you can use:


$id = base64_encode($id1.'~'.$id2);


with the tilde(~) acting as a delimiter.
This is then used in the form:
http://www.mysite.com/test2.php?id=$id


To retrieve back the query string parameters on test2.php you use:


$queryParams = explode('~', base64_decode($_GET['id']));
$id1 = $queryParams[0];
$id2 = $queryParams[1];


I think this is the basics of it but one can add a few extra steps for example reverse the string before displaying it using the PHP strrev function, for example:


$id = base64_encode($id1.'~'.$id2);
$id = strrev($id);


and then on test2.php use:


$id = strrev(($_GET['id']));
$params = explode('~', base64_decode($id));
$id1 = $queryParams[0];
$id2 = $queryParams[1];


I am sure there are other ways to achieve the same thing but this one simple approach that I use sometimes.



Post a comment:

 

(required)

(required, but not published)

(optional)





Notify me of follow-up comments via e-mail