How to 'encrypt' information passed along in URL when redirecting in PHP?_问答_开发者

How to 'encrypt' information passed along in URL when redirecting in PHP?

开发者 https://www.devze.com 2023-01-24 21:57 出处：网络

Sorry if the title\'s unclear, couldn\'t think of anything better since I\'m still new to this area. :)

Sorry if the title's unclear, couldn't think of anything better since I'm still new to this area. :)

Anyway, my question is this: I want to sen开发者_如何学编程d some information from one page (let's call it 1.php) to another page (let's call it 2.php) using this (don't know the formal name, sorry):

http://localhost/X/2.php?user_id=5&user_type=2&ssn=1234567890&first_name=John&last_name=Doe

As you can see, the information is in plain text, which I dislike. Is there an easy way to encrypt the string after the question mark above in 1.php, and then let the 2.php (that gets the passed-along info) decrypt it? I'd like for it to be something along:

http://localhost/X/2.php?user_id=rj3i15k&user_type=8109fk1JIf&ssn=6893kfj399JFk...

Sorry if this is a stupid question. Many thanks in advance!

If you don't want information to be modified, use a hash string to verify them.

For instance :

$hash = sha1($user_id."haha".$user_type.$ssn.$first_name.$last_name);

The "haha" here, is a salt. Use a random string, it will be use so someone can't reuse your algorithm to inject fake data.

Then put this hash at the end of your url, eg

http://localhost/X/2.php?user_id=5&user_type=2&ssn=1234567890&first_name=John&last_name=Doe&hash=$hash`

When you'll get this information, make the hash again, and compare it to the hash sent : If the information was modified, the hash won't match.

Maybe you're going about it the wrong way.

Thought about storing the data in a serverside session variable? Or even in a database (if you're passing to another machine), then you just need to send the unique identifier of the database entry.

page2 will then read the session variable, or retrieve it out of the database again.

Basically, keep the data serverside and then you wont need to encrypt/decrypt.

Session Example:

page1

<?
session_start();

$_SESSION['pagedata'] = array(
    'user_id'=>5,
    'user_type'=>2,
    'ssn'=>1234567890,
    'first_name'=>'John',
    'last_name'=>'Doe'
    );

header('Location: page2.php');
?>

page2

<?
session_start();

$user_id = $_SESSION['pagedata']['user_id'];
$user_type = $_SESSION['pagedata']['user_type'];
$user_ssn = $_SESSION['pagedata']['user_ssn'];
$user_first_name = $_SESSION['pagedata']['first_name'];
$user_last_name = $_SESSION['pagedata']['last_name'];

// use variables to do stuff
?>

Its called GET, never relate 100% on 2 Way Decryption but this may help you Best way to use PHP to encrypt and decrypt passwords?

you could use base64_encode on the one side and bas64_decode on the other - just as one possibility - but note that this is only for "better looking" url als you want it (for me, this is ugly). this isn't encrypting your data for being more safe or something like that - to achive this, use https and don't confuse your users by doing such crazy stuff.

You should use $_SESSION.