Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    New Coder
    Join Date
    Jun 2007
    Posts
    28
    Thanks
    2
    Thanked 0 Times in 0 Posts

    is there a way to scramble $_GET params

    can someone tell me if it's possible for me to scramble the $_GET parameters in URLs:

    for instance, if i had:

    http://foo.com/?a=Name&b=Email

    but make it look like http://foo.com/ud83u2jd8disakj3f8sifskj43895jf (Just using this as an exmaple, so you guys get what i'm say)

    and have it descramble it

    if anyone can offer any help on how i can accomplish this or link me to any references, that would be great.

    Thanks in advance

  • #2
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    If the link is generated by PHP, you could do some basic mangling with base64_encode() and base64_decode(), although that isn't very secure. There are some tricks you could apply to this to make it more secure though (such as adding random characters in a fixed place, storing the random chars as a session variable, then when reading it remove them).

    Either way, if it is information you do not want seen in the link, it probably shouldn't be there. Not encoded/scrambled either. Consider using session variables, or using some sort of ID and storing the information (so you only have to pass the ID).

    It all depends on your requirements, I guess.

  • #3
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,456
    Thanks
    8
    Thanked 1,084 Times in 1,075 Posts
    How about setting those variables in a session and then you don't
    need to send them with the URL. It would be cleaner and more secure,
    without doing anything to it. That would also allow the name and email
    to be accessed by any of your scripts at any time, until they close their
    browser.

  • #4
    New Coder
    Join Date
    Jun 2007
    Posts
    28
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Well i plan on putting the link on emails so I dont think I can use sessions.

  • #5
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,642
    Thanks
    2
    Thanked 405 Times in 397 Posts
    Yes, you can. They're just like regular variables in that you can insert them into a string.

  • #6
    Regular Coder
    Join Date
    May 2006
    Location
    Wales
    Posts
    820
    Thanks
    1
    Thanked 82 Times in 79 Posts
    You could use a random string at the end of an url as a key in a database that you could get variables from.

  • #7
    Regular Coder
    Join Date
    Apr 2006
    Posts
    231
    Thanks
    9
    Thanked 1 Time in 1 Post
    Do you want to hide the URL?

    If so, you can easily do it without much thinking:

    say url=http://yourdomain.com/(NR HERE)

    put this .htacces in your main folder:
    Code:
    Options +FollowSymLinks 
    RewriteEngine on 
    RewriteCond %{REQUEST_FILENAME} !-f 
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule .* /decode.php [L]
    and make this decode.php
    PHP Code:
    <?php
    $nav 
    $_SERVER['REQUEST_URI'];
    $parts explode('.com/'$nav);
    $url $parts[1];

    if(
    $url=="1"){
    DO 
    ACTION FOR case 1
    }
    if(
    $url=="2"){
    DO 
    ACTION FOR CASE 2
    }
    ETC ETC
    }
    ?>
    You can also use many parts like 0=false and 1=true if you need. such as: http://domain.com/1-1-0 and explode parts[1] at "-".

    That's what I have for one of my pages, and it is very very neat. I have been using this format for a while now. I use the 2nd part for w/e purpose, like in my music page, I use it for the artist, so it looks like http://domain.com/ARTIST

  • #8
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,011
    Thanks
    2
    Thanked 312 Times in 304 Posts
    I recommend generating and using a unique (not a sequential number) one-time/one-use ID as a parameter on the end of the url, that you store the actual information for in a database and use the ID to relate the link to the actual information. Then, delete or mark the ID as having been used in the database, when someone visits your site using that ID.

    If you use an encrypted form of information and your code will always decrypt it if someone includes it on the end of a url, they could keep a copy of this or pass it around to others and they could keep submitting it. Depending on what you are using this for, this could result in unintended operation of your system.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •