Recent Postings

Recent Comments


RSS2 feed


Most Popular Posts

Simple URL encoding using PHP

Friday, 6th March 2009 10:24pm
There are times when I don't want to show the IDs used in query string parameters and what I to do is to use simple URL encoding.

Let me state that this type of encoding is not meant to hide some sensitive data or as a security measure but meant to avoid showing a casual user the IDs being used in a query string so that the user does not try to navigate the site by simply changing parameters in a query string.

If the user really wants to know what IDs are being used I am sure it wont take them long to figure out.

So say its an application passing the driverid(id1) and teamid(id2) in a query string and I don't want to show these in the query string a simple way to achieve that in PHP is to use base 64 encoding.

I find it useful to choose a delimiter especially when they are more than one query string parameters in the originating page.

So say you have two parameters id1 and id2 in the form,
coming from test1.php page, you can use:

$id = base64_encode($id1.'~'.$id2);

with the tilde(~) acting as a delimiter.
This is then used in the form:$id

To retrieve back the query string parameters on test2.php you use:

$queryParams = explode('~', base64_decode($_GET['id']));
$id1 = $queryParams[0];
$id2 = $queryParams[1];

I think this is the basics of it but one can add a few extra steps for example reverse the string before displaying it using the PHP strrev function, for example:

$id = base64_encode($id1.'~'.$id2);
$id = strrev($id);

and then on test2.php use:

$id = strrev(($_GET['id']));
$params = explode('~', base64_decode($id));
$id1 = $queryParams[0];
$id2 = $queryParams[1];

I am sure there are other ways to achieve the same thing but this one simple approach that I use sometimes.

Post a comment:



(required, but not published)


Notify me of follow-up comments via e-mail