•  30-09-2019
  •  | 
  •  

Question

I am developing a PHP application to manage orders for a company. To view an order the URL is currently /orders/view/3502.

I don't want the order ID number to appear in the URL, so I used CodeIgniter's encrypt library to encrypt the ID in the URL. The URL (after encryption) looks like /orders/view/AaffGdQQ.

The problem I am having is sometimes the encrypted ID contains a forward slash or a plus sign, which don't work correctly when in a URL. CodeIgniter reads the URL based on slashes, so, if the encrypted ID had a slash, it would read that as 2 variables, not one. Also, plus signs are interpreted as spaces in URLs.

So, my question is, how can I encrypt the ID and be sure that the string does not contain a plus sign or a slash?

EDIT: I had an idea to see if the encrypted ID contained a slash or plus sign, and if it did, encrypt it again. For some reason, every time the ID is encrypted, it's different, so this would work.

Was it helpful?

Solution

You can also base64_encode(). That will also make it a lot longer and appear "more secure". Also adds a layer of obfuscation.

OTHER TIPS

Maybe passing the cryped data through urlencode() would fix this? After you do that, you would have to intercept the data before CodeIgniter does, and run urldecode() on it.

Just a quick idea, so good luck!

Look for some characters that the encryption doesn't use and replace them as it fits. When using urls, undo it.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top