Magento URL-safe parameter

Question

I want to transmit a token as URL-Parameter.

• Is it safe to just encrypt the token like in Version 1?

• Or needs the token to be encoded like in Version 2 because of unsafe characters?

  $token = Mage::helper('core')->encrypt('123');
  
  //1) encrypted token
  $url = Mage::getUrl('product/index/link', array('key' => $token));
  
  //2) url encoded token
  $encoded = Mage::helper('core')->urlEncode($token);
  $url = Mage::getUrl('product/index/link', array('key' => $encoded));
  

Answer 1

Since the encrypt-function may produce unsafe characters like = or + only the second method with base 64 encoding will be safe.

Use this twoliner:

$key = Mage::helper('core')->urlEncode(Mage::helper('core')->encrypt(123));
$url = Mage::getUrl('product/index/link', array('key' => $key));