开发者

Encrypted data in URLs

I am developing a PHP application to manage orders for a company. To view an order the URL is currently /orders/view/3502.

I don't want the order ID number to appear in the URL, so I used CodeIgniter's encrypt library to encrypt the ID in the URL. The URL (after encryption) looks like /orders/view/AaffGdQQ.

The problem I am having is sometimes the encrypted ID contains a forward slash or a plus sign, which don't work correctly when in a URL. CodeIgniter reads the URL based on slashes, so, if the encrypted ID had a slash, it would read that as 2 variables, not one. Also, plus signs are interpreted as spaces in URLs.

So, my question is, how can I encrypt the ID and be sure that the string does not contain a plus sign or a slash?

EDIT: I had an idea to see if the encrypted ID contained a slash or plus sign, and if it did, encrypt it again. For some reason, every time the ID is encrypted, it's different开发者_运维百科, so this would work.


You can also base64_encode(). That will also make it a lot longer and appear "more secure". Also adds a layer of obfuscation.


Maybe passing the cryped data through urlencode() would fix this? After you do that, you would have to intercept the data before CodeIgniter does, and run urldecode() on it.

Just a quick idea, so good luck!


Look for some characters that the encryption doesn't use and replace them as it fits. When using urls, undo it.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜