Encrypting and decrypting parameter for URL

This topic is locked

Encrypting and decrypting parameter for URL	7/30/2010 9:33:30 PM
PHPRunner General questions
romaldus author I found this article at http://www.mindfiresolutions.com/Encrypting-and-decrypting-parameter-for-URL-618.php Author: Asish Tripathy Most of the time we pass unique values as parameters with the url to use the value in the target page. But passing the value directly causes security issue. For example we used to pass some id to view the detail of the selected item. . To avoid such issue we can pass the encrypted form of the unique value as parameter . And on the target page it'll be decrypted to actual value. Here is a small function which can be used to encrypt and decrypt some value: /** Function to encrypt or decrypt the given value @param string * @return string / function encrypt_decrypt($string) { $string_length=strlen($string); $encrypted_string=""; /* For each character of the given string generate the code / for ($position = 0;$position<$string_length;$position++){ $key = (($string_length+$position)+1); $key = (255+$key) % 255; $get_char_to_be_encrypted = SUBSTR($string, $position, 1); $ascii_char = ORD($get_char_to_be_encrypted); $xored_char = $ascii_char ^ $key; //xor operation $encrypted_char = CHR($xored_char); $encrypted_string .= $encrypted_char; } /** Return the encrypted/decrypted string / return $encrypted_string; } /** While passing the unique value to a link Do the following steps / $id=57;//Let's 57 is the actual id /* For more security multiply some value You can set the multiplication value in config file / $passstring=$id12345; $encrypted_string=encrypt_decrypt($passstring); $param=urlencode($encrypted_string); /** Derive the url for the link / $url='target_file.php?param='.$param; /** While fetching the params in the target file Do the following steps / $fetchid=$_GET['param']; $passstring=urldecode(stripslashes($fetchid)); $decrypted_string= encrypt_decrypt($passstring); /* Divide the decrypted value with the same value we used for the multiplication / $actual_id= $decrypted_string/12345; I wonder if this method (or another method if possible) could encrypt URL parameters in PHPRUNNER generated apps to prevent SQL injection.

Mark as Solved Mark as not solved

2 replies


	romaldus author 7/30/2010
	I found another methods at : http://php.net/manual/en/function.urlencode.php


A	ann 8/5/2010
	Hi, actually SQL injection protection is built-in. You don't need to do anything special to enable it. To prevent user from viewing records you just need to set up permissions on the Securitytab (on the Advanced security settings dialog).

2 replies

Mark as Solved Reply