<p>If your requirements are:</p>
<ul>
<li>It must be reversible (i.e. given <strong>just</strong> the "random" ID, you can find the original order_id)</li>
<li>No extra columns</li>
<li>You don't want to show the original/internal order_id to the user at all</li>
</ul>
<p>then I would recommend some kind of two-way encryption. Hashing won't work as you can't find the original value from a hash.</p>
<p><em>I'm also adding that it should be human-friendly e.g. someone can call it out over the phone to you</em></p>
<p>I'm going to use a very simple two-way encryption class located <a href="http://www.tonymarston.com/php-mysql/showsource.php?file=std.encryption.class.inc">here</a>, which was written by Tony Marston.</p>
<p>We want the solution to be human-friendly so let's remove some of the scramble chars. I've left only uppercase characters, numbers and the space and dash symbols. All of these can be easily communicated using the standard phonetic alphabet, and the forced use of uppercase removes any confusion as to what a character is.</p>
<p>These are the scramble strings I used (I used <a href="http://textmechanic.com/Word-Scrambler.html">this online word scrambler</a> rather than trying to scramble the string myself):</p>
<pre><code>$this-&gt;scramble1 = '0123456789-ABCDEFGHIJKLMNOPQRSTUVWXYZ ';
$this-&gt;scramble2 = 'UKAH652LMOQ FBDIEG03JT17N4C89XPV-WRSYZ';
</code></pre>
<p>So the code to create our human-friendly order id is:</p>
<pre><code>&lt;?php

include 'encryption_class.php';

$crypt = new encryption_class();

// Secret key: only characters that appear in the scramble strings
$key = "A-COMPLETELY-RANDOM-KEY-THAT-I-HAVE-USED";
// Min length of 8 for encrypted string
$min_length = 8;

$order_id = 123456789;

print "Original: " . $order_id . PHP_EOL;

// ENCRYPT
$encrypt_result = $crypt-&gt;encrypt($key, $order_id, $min_length);

print "Encrypted: " . $encrypt_result . PHP_EOL;

// DECRYPT
$decrypt_result = $crypt-&gt;decrypt($key, $encrypt_result);

print "Decrypted: " . $decrypt_result . PHP_EOL;

?&gt;
</code></pre>
<p>(You need to download and save the <em>encryption_class</em> file locally, and include it).</p>
<p>I ran that code from the command line and received the following output:</p>
<pre><code>Original: 123456789
Encrypted: 2UD5UIK9S
Decrypted: 123456789
</code></pre>
<p>Now we have our short, human-friendly order_id, which can be used in a URL such as <a href="http://myapp.example.com/order/view/2UD5UIK9S">http://myapp.example.com/order/view/2UD5UIK9S</a>, and you never need to display or communicate the internal order_id to your users.</p>
<p><em><strong>Notes:</strong></em></p>
<p>The encrypted code will be unique once your order_id is unique (since it's a PK it will be)</p>
<p>This should not be used as a password encryption/decryption routine - don't store passwords, store hashes.</p>
<p>Make sure your secret key is random, complex and contains <em>only</em> the characters in your $scramble variables.</p>
<p>It obfuscates the order_id only.</p>
<p><strong>Edit:</strong></p>
<p>Although padding the input string (order_id) generates a certain amount of randomness, you could combine this with @biakaveron's answer to create a URL like <a href="http://myapp.example.com/order/view/5cc46aea44e898c3b4e1303eb18d8161302cd367/2UD5UIK9S">http://myapp.example.com/order/view/5cc46aea44e898c3b4e1303eb18d8161302cd367/2UD5UIK9S</a></p>
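<p>An added example, not part of the answer above and not Tony Marston's class: a different technique for the same three requirements, a keyed Feistel permutation over 40-bit order IDs with HMAC-SHA256 as the round function, printed as 8 characters of Crockford's Base32 alphabet. The function and constant names are hypothetical, and it assumes 64-bit PHP 7.1 or later.</p>

```php
<?php
// Added example with hypothetical names; assumes 64-bit PHP 7.1+, order_id < 2^40.
const ALPHABET  = '0123456789ABCDEFGHJKMNPQRSTVWXYZ'; // Crockford Base32: no I, L, O, U
const HALF_BITS = 20;                    // two 20-bit halves = 40-bit domain
const HALF_MASK = (1 << HALF_BITS) - 1;
const ROUNDS    = 8;

// Round function: HMAC-SHA256 over (round, half), truncated to 20 bits.
function feistel_round(string $key, int $round, int $half): int {
    $mac = hash_hmac('sha256', pack('CN', $round, $half), $key, true);
    return unpack('N', $mac)[1] & HALF_MASK;
}
// Keyed permutation of 0 .. 2^40-1; decryption undoes the rounds in reverse order.
function feistel(string $key, int $value, bool $decrypt): int {
    $left  = ($value >> HALF_BITS) & HALF_MASK;
    $right = $value & HALF_MASK;
    for ($i = 0; $i < ROUNDS; $i++) {
        $r = $decrypt ? ROUNDS - 1 - $i : $i;
        [$left, $right] = $decrypt
            ? [$right ^ feistel_round($key, $r, $left), $left]
            : [$right, $left ^ feistel_round($key, $r, $right)];
    }
    return ($left << HALF_BITS) | $right;
}
function order_code_encode(string $key, int $orderId): string {
    if ($orderId < 0 || $orderId >= (1 << (2 * HALF_BITS))) {
        throw new InvalidArgumentException('order_id outside the 40-bit domain');
    }
    $n = feistel($key, $orderId, false);
    $code = '';
    for ($i = 0; $i < 8; $i++) {         // 8 symbols x 5 bits = 40 bits
        $code = ALPHABET[$n & 31] . $code;
        $n >>= 5;
    }
    return $code;
}
// Returns null unless the input is exactly 8 symbols of ALPHABET.
function order_code_decode(string $key, string $code): ?int {
    $code = strtoupper(trim($code));
    if (strlen($code) !== 8 || strspn($code, ALPHABET) !== 8) { return null; }
    $n = 0;
    foreach (str_split($code) as $ch) {
        $n = ($n << 5) | strpos(ALPHABET, $ch);
    }
    return feistel($key, $n, true);
}

$key  = random_bytes(32);                // constructed demo key; load a stored secret in practice
$code = order_code_encode($key, 123456789);
var_dump($code, order_code_decode($key, $code));
```

<p>Every well-formed 8-character code decodes to some integer, so the request handler still has to check that the order exists and belongs to the requester.</p>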
 
