How to pass the transaction id to partner's script via php in a secure way?
My task is to do some calculations with data provided by our partner and to return the result. In more detail: I get data from the partner, then generate a confirmation form for the user; he checks that everything is OK and confirms my form. Then I generate a "transaction" id and need to redirect to the partner with this id. The question is: how do I pass such an id so that neither the user nor anybody else can affect this param?
It sounds like your problem can be solved simply by using something unguessable for the transaction id. You could do something like this in PHP:
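// rand() and uniqid() are predictable; random_bytes() (PHP 7+) reads from the OS CSPRNG
$transactionId = bin2hex(random_bytes(16));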
Something identifying needs to be passed, and it sounds like this identifier is ultimately coming from the user (since they will be carrying it with them from one site to another.) They will always be able to tamper with it if they really want to. By passing something random, you ensure that all they can do by tampering is render it invalid.
I would use a crypt function to encrypt the id. You need to agree with your partner on the key to decrypt. For this you can use mcrypt: http://nl2.php.net/manual/en/book.mcrypt.php
There is no way to redirect and provide an id without showing your user what the id is (neither with post nor get). So you want to obfuscate the id. Optionally you can add a checksum with the encrypted id so the other side can check if the id has been messed with.
Hope this helps
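The checksum idea from the answer above, as an added example that is not part of the original answers: the sender attaches an HMAC computed with the key shared with the partner, and the partner recomputes it before accepting the id. It uses PHP's built-in hash_hmac rather than mcrypt, which was removed from PHP core in 7.2. The function names, the key value, the expiry field and the partner.example URL are assumptions made for illustration.

```php
<?php
// Added example: names, key and URL below are assumptions, not from the original post.

// Shared secret agreed with the partner out of band (constructed sample value).
const SHARED_KEY = 'replace-with-32-random-bytes-agreed-with-partner';

// Sender side: random id plus expiry, authenticated with HMAC-SHA256.
function issue_token(string $key, int $ttl = 300): string
{
    $id      = bin2hex(random_bytes(16));   // 128 bits from the OS CSPRNG
    $expires = time() + $ttl;               // limits how long a captured link stays usable
    $payload = $id . '.' . $expires;
    $mac     = hash_hmac('sha256', $payload, $key);
    return $payload . '.' . $mac;
}

// Partner side: returns the transaction id, or null if the token was altered or expired.
function verify_token(string $token, string $key, ?int $now = null): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$id, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $id . '.' . $expires, $key);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int)$expires < ($now ?? time())) {
        return null;
    }
    return $id;
}

$token = issue_token(SHARED_KEY);
// Redirect target is a placeholder host.
$url = 'https://partner.example/confirm?t=' . rawurlencode($token);

var_dump(verify_token($token, SHARED_KEY) !== null);          // untouched token
$tampered = substr_replace($token, $token[0] === 'a' ? 'b' : 'a', 0, 1);
var_dump(verify_token($tampered, SHARED_KEY));                // altered id
var_dump(verify_token($token, SHARED_KEY, time() + 3600));    // presented after expiry
```

The MAC shows the id came from the holder of the shared key and was not altered in transit; it does not hide the id from the user. The partner should also record ids it has already accepted so a valid token cannot be replayed within its lifetime.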