View Full Version : is there a way to scramble $_GET params

08-24-2007, 04:12 PM
can someone tell me if it's possible for me to scramble the $_GET parameters in URLs:

for instance, if i had:


but make it look like http://foo.com/ud83u2jd8disakj3f8sifskj43895jf (Just using this as an exmaple, so you guys get what i'm say)

and have it descramble it

if anyone can offer any help on how i can accomplish this or link me to any references, that would be great.

Thanks in advance

08-24-2007, 04:19 PM
If the link is generated by PHP, you could do some basic mangling with base64_encode() and base64_decode(), although that isn't very secure. There are some tricks you could apply to this to make it more secure though (such as adding random characters in a fixed place, storing the random chars as a session variable, then when reading it remove them).

Either way, if it is information you do not want seen in the link, it probably shouldn't be there. Not encoded/scrambled either. Consider using session variables, or using some sort of ID and storing the information (so you only have to pass the ID).

It all depends on your requirements, I guess. ;)

08-24-2007, 04:19 PM
How about setting those variables in a session and then you don't
need to send them with the URL. It would be cleaner and more secure,
without doing anything to it. That would also allow the name and email
to be accessed by any of your scripts at any time, until they close their

08-24-2007, 05:01 PM
Well i plan on putting the link on emails so I dont think I can use sessions.

08-24-2007, 05:19 PM
Yes, you can. They're just like regular variables in that you can insert them into a string.

08-24-2007, 05:56 PM
You could use a random string at the end of an url as a key in a database that you could get variables from.

08-24-2007, 06:03 PM
Do you want to hide the URL?

If so, you can easily do it without much thinking:

say url=http://yourdomain.com/(NR HERE)

put this .htacces in your main folder:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* /decode.php [L]

and make this decode.php

$parts = explode('.com/', $nav);
$url = $parts[1];


You can also use many parts like 0=false and 1=true if you need. such as: http://domain.com/1-1-0 and explode parts[1] at "-".

That's what I have for one of my pages, and it is very very neat. I have been using this format for a while now. I use the 2nd part for w/e purpose, like in my music page, I use it for the artist, so it looks like http://domain.com/ARTIST :)

08-24-2007, 07:04 PM
I recommend generating and using a unique (not a sequential number) one-time/one-use ID as a parameter on the end of the url, that you store the actual information for in a database and use the ID to relate the link to the actual information. Then, delete or mark the ID as having been used in the database, when someone visits your site using that ID.

If you use an encrypted form of information and your code will always decrypt it if someone includes it on the end of a url, they could keep a copy of this or pass it around to others and they could keep submitting it. Depending on what you are using this for, this could result in unintended operation of your system.