Hide autoincrement ids in GET parameter (PHP)
<blockquote>
<p><strong>Edit:</strong> I have since found and published an efficient and elegant solution that transforms IDs like <code>3141592</code> to strings such as <code>vJST</code> and backwards. It's available for PHP here:</p>
<p><a href="https://github.com/delight-im/PHP-IDs" rel="nofollow noreferrer">https://github.com/delight-im/PHP-IDs</a></p>
<p>Providing some background, it uses Knuth's multiplicative hashing followed by a base conversion to generate unique, reversible, non-sequential IDs.</p>
</blockquote>
<p><strong>Problem:</strong></p>
<p>I have dynamic pages in PHP where the content is shown according to the given id. The id is always submitted via a GET parameter: <code>page.php?id=X</code>. This causes a problem: Site visitors can enumerate the ids and simply walk through all the different content pages. This shouldn't be possible, of course.</p>
<p><strong>How could this be solved?</strong></p>
<p>My approach is to encode all ids in links and forms which are used as a GET parameter later. At the beginning of every page, the given id is decoded into the "real" id which is used in the database. Is this a good approach? Would you choose another way?</p>
<p><strong>Possible solution of my approach:</strong></p>
<p>I would convert the integer id to a base 38 integer and replace the digits by characters of a given list. I would use these characters for the encoded string id:</p>
<p>a-z 0-9 - _</p>
<p>Would you use other characters as well? For these characters my script would be this:</p>
<pre><code>function id2secure($old_number) {
    // Digit-to-character table for base 38 (a-z 0-9 - _), in shuffled order
    $alphabet_en = array(
        0=&gt;'1', 1=&gt;'3', 2=&gt;'5', 3=&gt;'7', 4=&gt;'9', 5=&gt;'0', 6=&gt;'2', 7=&gt;'4', 8=&gt;'6', 9=&gt;'8',
        10=&gt;'a', 11=&gt;'c', 12=&gt;'e', 13=&gt;'g', 14=&gt;'i', 15=&gt;'k', 16=&gt;'m', 17=&gt;'o', 18=&gt;'q', 19=&gt;'s',
        20=&gt;'u', 21=&gt;'w', 22=&gt;'y', 23=&gt;'b', 24=&gt;'d', 25=&gt;'f', 26=&gt;'h', 27=&gt;'j', 28=&gt;'l', 29=&gt;'n',
        30=&gt;'p', 31=&gt;'r', 32=&gt;'t', 33=&gt;'v', 34=&gt;'x', 35=&gt;'z', 36=&gt;'-', 37=&gt;'_'
    );
    $new_number = '';
    while ($old_number &gt; 0) {
        $rest = $old_number%38;
        if (!isset($alphabet_en[$rest])) { return FALSE; }
        $new_number .= $alphabet_en[$rest];
        $old_number = floor($old_number/38);
    }
    // Digits were appended least-significant first, so reverse the string
    $new_number = strrev($new_number);
    return $new_number;
}
</code></pre>
<p><strong>Additional question:</strong></p>
<p>What would be the reverse function for my function?</p>
<p>I hope you can help me. Thank you!</p>
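<p>One way to build the reversible, non-sequential mapping described in the edit at the top of the question (multiplicative hashing followed by a base conversion), together with the reverse function asked for; this is an added example, not code from the post or from the PHP-IDs library. The alphabet is the one from the question; the multiplier, the 2^31 modulus and the function names are assumptions chosen for illustration.</p>

```php
<?php
declare(strict_types=1);
// Alphabet from the question (a-z 0-9 - _), in the question's shuffled order.
const ALPHABET   = '1357902468acegikmoqsuwybdfhjlnprtvxz-_';
const BASE       = 38;
const MODULUS    = 2147483648;  // 2^31 (assumption): products stay below PHP_INT_MAX
const MULTIPLIER = 1580030173;  // constructed sample; any odd value is invertible mod 2^31

// Modular inverse via the extended Euclidean algorithm.
function modInverse(int $a, int $m): int {
    [$r0, $r1, $s0, $s1] = [$a, $m, 1, 0];
    while ($r1 !== 0) {
        $q = intdiv($r0, $r1);
        [$r0, $r1] = [$r1, $r0 - $q * $r1];
        [$s0, $s1] = [$s1, $s0 - $q * $s1];
    }
    if ($r0 !== 1) throw new InvalidArgumentException('multiplier not invertible');
    return (($s0 % $m) + $m) % $m;
}

function encodeId(int $id): string {
    if ($id < 0 || $id >= MODULUS) throw new RangeException('id out of range');
    $n = ($id * MULTIPLIER) % MODULUS;   // multiplicative scramble (a bijection mod 2^31)
    $out = '';
    do {                                 // base conversion; do/while so 0 encodes too
        $out = ALPHABET[$n % BASE] . $out;
        $n = intdiv($n, BASE);
    } while ($n > 0);
    return $out;
}

// Returns null for anything that is not a canonical token (treat as "not found").
function decodeId(string $token): ?int {
    if ($token === '' || strlen($token) > 6) return null;  // 38^6 > 2^31, no overflow
    $n = 0;
    foreach (str_split($token) as $ch) {
        $digit = strpos(ALPHABET, $ch);
        if ($digit === false) return null;                 // character outside alphabet
        $n = $n * BASE + $digit;
    }
    if ($n >= MODULUS) return null;
    $id = ($n * modInverse(MULTIPLIER, MODULUS)) % MODULUS;
    return encodeId($id) === $token ? $id : null;          // rejects padded duplicates
}

// Demo on constructed ids: consecutive ids yield non-consecutive tokens.
foreach ([1, 2, 3, 3141592] as $id) {
    $token = encodeId($id);
    printf("%d -> %s -> %d\n", $id, $token, decodeId($token));
}
```

<p>The mapping is linear and keyless, so it hides the ordering of ids but is not a secret; <code>page.php</code> still has to check that the requester is allowed to see the decoded id.</p>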
 
