I am developing a PHP application to manage orders for a company. To view an order the URL is currently /orders/view/3502
.
I don't want the order ID number to appear in the URL, so I used CodeIgniter's encrypt library to encrypt the ID in the URL. The URL (after encryption) looks like /orders/view/AaffGdQQ
.
The problem I am having is sometimes the encrypted ID contains a forward slash or a plus sign, which don't work correctly when in a URL. CodeIgniter reads the URL based on slashes, so, if the encrypted ID had a slash, it would read that as 2 variables, not one. Also, plus signs are interpreted as spaces in URLs.
So, my question is, how can I encrypt the ID and be sure that the string does not contain a plus sign or a slash?
EDIT: I had an idea to see if the encrypted ID contained a slash or plus sign, and if it did, encrypt it again. For some reason, every time the ID is encrypted, it's different, so this would work.
You can also base64_encode(). That will also make it a lot longer and appear "more secure". Also adds a layer of obfuscation.
Maybe passing the cryped data through urlencode()
would fix this? After you do that, you would have to intercept the data before CodeIgniter does, and run urldecode()
on it.
Just a quick idea, so good luck!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With