As a PHP developer I was searching for encryption/decryption process to improve security of the application. The requirement was very simple. I was passing an “ID” in URL and get that ID to another page using $_GET. Now, my client didn’t want to see the actual ID on URL. So, I started searching for PHP encryption functions on www.php.net.
After trying several functions, I was not getting what I wanted because most of the time I was facing hard time to decrypt the value I passed. Then I found base64_encode() and base64_decode() functions which is very easy to use in my case. When I did little searching about this, I have found some of the threads that says it is not very effective and some one can easily mess around if he wants. Then also I decided to use these functions and just make ID value complicated. So, here what I did.
My previous url was : www.example.com?id=4 (This is without encryption and I don’t want that)
Now if I use simple base64_encode that would be like
www.example.com?id=4 would be something like
www.example.com?id=NA==
This is very easy to decrypt and one can easy understand that this is base64_encode(). So let’s make it little complicated.
If , I take any double number say for example “525325.24” and multiply it with the ID so the code would be
$u_id=(double)$_GET[‘id’] * 525325.24; (Do multiplication)
$id=base64_encode($u_id);
So, now the www.example.com?id=MjEwMTMwMC45Ng== (I think which is quite OK and hard to predict)
Now for decryption you need to do
$u_id=base64_decode($_GET[‘id’]);
$id=(double)$u_id / 525325.24; (Do Division);
and you will get the ID= “4″ in this case.
If some one try to decode it with regular process he never get the actual ID value. Because whatever he gets would be something like“2101300.96″ multiplied doubled value so according to me it is completely secure encryption/description process. Below is the full example.
=====================================================================
“encrypt.php”
<?php
function encrypt($sData){
$id=(double)$sData*525325.24;
return base64_encode($id);
}
function decrypt($sData){
$url_id=base64_decode($sData);
$id=(double)$url_id/525325.24;
return $id;
}
?>
=======================================================================
“xxx.php”
include “encrypt.php”
your php code {
…….
……….
<td><a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://staroneweb.co.in/simple-effective-encryptiondecryption-with-php/”editxxx.php?id=<?php echo encrypt($rows[‘id’]);?>”>EDIT</a></td>
}
========================================================================
“editxxx.php”
include “encrypt.php”
your php code {
if(isset($_GET[‘id’])) {
$id=decrypt($_GET[‘id’]);
}
………………..
………………..
}
=========================================================================
There might be better and efficient methods than this but I found it useful so I posted. You can leave your comments.