Hide database record ID in php mysql

Need to know how to mask or hide records displaying in the url. i.e. http://somewhere.net/page/info.php?prod=123.  Is there a way to mask that so users can't change the "123" to another number and pull data from another record?
HITmen07 Asked:

Greg Alexander, Lead Developer, Commented:
I have come up with an accorythm in the past to fix this issue, such as embedding the number in a random string and having a way to unencode it when you pull it... so for the most part the user won't be able to figure it out, thus getting an error when they change it.


For example

index.php?rm=Un2992nN445shhw

And then on the receiving page you can pull the number out of that, such as 245 is the id, and it would be harder to figure out.. I have made some complicated ones in the past to better deal with it, but you get the idea... I hope
0
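One way to get the "error when they change it" behaviour described in the comment above, shown as an added example that is not code from any poster in this thread: the id travels with a keyed HMAC tag, so an edited value fails verification on the receiving page. The id itself stays readable in this form; `SECRET_KEY`, `make_ref()` and `read_ref()` are hypothetical names, and the key shown is a constructed placeholder.

```php
<?php
// Added example: tamper-evident record reference, e.g. info.php?prod=245.<tag>
// SECRET_KEY, b64url(), make_ref() and read_ref() are hypothetical names.
const SECRET_KEY = 'constructed-demo-key-load-the-real-one-from-config';
const TAG_BYTES  = 16; // HMAC-SHA256 truncated to 128 bits

// URL-safe base64 without padding, so the tag needs no extra escaping.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Compute the tag that binds an id (as a decimal string) to the server key.
function ref_tag(string $id): string
{
    return b64url(substr(hash_hmac('sha256', $id, SECRET_KEY, true), 0, TAG_BYTES));
}

// Build the value placed in the URL for a given record id.
function make_ref(int $id): string
{
    return $id . '.' . ref_tag((string)$id);
}

// Return the record id if the reference is well formed and the tag matches,
// otherwise null. hash_equals() compares in constant time.
function read_ref(string $ref): ?int
{
    if (!preg_match('/\A([1-9][0-9]{0,9})\.([A-Za-z0-9_-]+)\z/', $ref, $m)) {
        return null;
    }
    return hash_equals(ref_tag($m[1]), $m[2]) ? (int)$m[1] : null;
}

$ref = make_ref(245);
echo "index.php?rm=$ref\n";

// The untouched reference verifies; changing 245 to 246 does not.
var_dump(read_ref($ref));
var_dump(read_ref('246' . substr($ref, 3)));
```

A verified reference only proves the value was issued by the server; the receiving page still has to check that the logged-in user is allowed to see that record.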

Greg Alexander, Lead Developer, Commented:
algorithm* not accorythm! sorry
0
Ray Paseur Commented:
This teaches how to generate a random unique string.  You can use the string for the keys.  It is quite unlikely that a client can guess the other keys.  You can see the script in action here:
http://www.laprbass.com/RAY_random_unique_string.php

You might also consider keeping the keys in the $_SESSION array.  Just a thought, ~Ray
<?php // RAY_random_unique_string.php
error_reporting(E_ALL);
echo "<pre>\n";

// GENERATE A SHORT UNIQUE RANDOM STRING FOR USE AS SOME KIND OF KEY
// NOTE THAT THE DATA BASE MUST HAVE THE rand_key FIELD DEFINED AS "UNIQUE"
// NOTE THAT THE LENGTH ARGUMENT MUST MATCH THROUGHOUT
define('ARG_LENGTH', 6);

// NOTE: THE mysql_* EXTENSION USED BELOW WAS REMOVED IN PHP 7; THIS SCRIPT NEEDS PHP 5.x
// IMPORTANT PAGES FROM THE MANUALS
// MAN PAGE: http://us2.php.net/manual/en/ref.mysql.php
// MAN PAGE: http://us2.php.net/manual/en/mysql.installation.php

// CONNECTION AND SELECTION VARIABLES FOR THE DATABASE
$db_host = "??"; // PROBABLY 'localhost' IS OK
$db_name = "??"; // USED BY mysql_select_db() BELOW
$db_user = "??";
$db_word = "??";


// OPEN A CONNECTION TO THE DATA BASE SERVER
// MAN PAGE: http://us2.php.net/manual/en/function.mysql-connect.php
if (!$db_connection = mysql_connect("$db_host", "$db_user", "$db_word"))
{
   $errmsg = mysql_errno() . ' ' . mysql_error();
   echo "<br/>NO DB CONNECTION: ";
   echo "<br/> $errmsg <br/>";
}

// SELECT THE MYSQL DATA BASE
// MAN PAGE: http://us2.php.net/manual/en/function.mysql-select-db.php
if (!$db_sel = mysql_select_db($db_name, $db_connection))
{
   $errmsg = mysql_errno() . ' ' . mysql_error();
   echo "<br/>NO DB SELECTION: ";
   echo "<br/> $errmsg <br/>";
   die('NO DATA BASE');
}
// IF WE GOT THIS FAR WE CAN DO QUERIES





// FUNCTION TO CREATE A DATABASE TABLE
function create_myTable()
{
    $length = ARG_LENGTH;

    mysql_query("DROP TABLE IF EXISTS myTable");
    $psql  = "CREATE TEMPORARY TABLE myTable ( ";
    $psql .= "_key        int(8)            NOT NULL AUTO_INCREMENT, ";
    $psql .= "rand_key    varchar($length)  UNIQUE NOT NULL DEFAULT '?', ";
    $psql .= "other_data  varchar(128)      NOT NULL, "; // AS NEEDED BY YOUR APPLICATION
    $psql .= "PRIMARY KEY(`_key`) ";
    $psql .= " ) ENGINE=INNODB DEFAULT CHARSET=ascii";
    if (!$p = mysql_query($psql)) { die( mysql_error() ); }
}





// FUNCTION TO MAKE A RANDOM STRING
function random_string()
{
// POSSIBLE COMBINATIONS = pow(strlen($chr), ARG_LENGTH) = 31^6, ABOUT 8.9E8, WHEN ARG_LENGTH IS 6
//         1...5...10...15...20...25...30......
   $chr = "ABCDEFGHJKMNPQRSTUVWXYZ23456789";
   $str    = "";
   while(strlen($str) < ARG_LENGTH)
   {
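      // LAST VALID OFFSET IS strlen($chr) - 1
      // mt_rand() IS NOT A CRYPTOGRAPHICALLY SECURE GENERATOR
      $str .= substr($chr, mt_rand(0, strlen($chr) - 1), 1);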
   }
   return($str);
}





// FUNCTION TO ENSURE THE RANDOM STRING IS UNIQUE
function make_random_key()
{
    $length = ARG_LENGTH;
    $rand_key = '';
    while ($rand_key == '') // GENERATE A UNIQUE AND RANDOM TOKEN
    {
        $rand_key = random_string(); // LENGTH COMES FROM ARG_LENGTH
        $isql     = "INSERT INTO myTable ( rand_key ) VALUES ( \"$rand_key\")";
        if (!$i   = mysql_query("$isql")) // IF QUERY ERROR
        {
            $err   = mysql_errno();
            if ($err == 1062) // DUPLICATE UNIQUE FIELD ON rand_key
            {
                $rand_key = '';
            } else
            {
                // ANY OTHER QUERY ERROR IS FATAL: THE KEY WAS NOT STORED
                die( mysql_error() );
            }
        }
    }
    return $rand_key;
}




// SHOW HOW TO MAKE LOTS OF UNIQUE AND RANDOM STRINGS
create_myTable();

$kount = 0;
$array = array();
while ($kount < 25)
{
    $array[] = make_random_key();
    $kount++;
}

print_r($array);

0
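The same random-unique-key idea on current PHP, as an added example that is not part of the original answer: the key comes from `random_bytes()` instead of `mt_rand()`, and both the insert and the lookup use PDO prepared statements. The `products` table, the function names and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions chosen so the script runs offline.

```php
<?php
// Added example; table, column and function names are hypothetical.
$pdo = new PDO('sqlite::memory:'); // constructed in-memory database
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (
    id       INTEGER PRIMARY KEY AUTOINCREMENT,
    rand_key TEXT NOT NULL UNIQUE,
    name     TEXT NOT NULL)');

// 128 bits from the operating system CSPRNG, hex encoded (32 characters).
function new_rand_key(): string
{
    return bin2hex(random_bytes(16));
}

// Insert a row and return its public key; retry only on a UNIQUE collision.
function add_product(PDO $pdo, string $name): string
{
    $stmt = $pdo->prepare('INSERT INTO products (rand_key, name) VALUES (?, ?)');
    for ($try = 0; $try < 3; $try++) {
        $key = new_rand_key();
        try {
            $stmt->execute([$key, $name]);
            return $key;
        } catch (PDOException $e) {
            // SQLSTATE 23000 = integrity constraint violation
            if ((string)$e->getCode() !== '23000') { throw $e; }
        }
    }
    throw new RuntimeException('could not allocate a unique key');
}

// Look a row up by its public key; the numeric id never appears in the URL.
function find_product(PDO $pdo, string $key): ?array
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $key)) { return null; }
    $stmt = $pdo->prepare('SELECT name FROM products WHERE rand_key = ?');
    $stmt->execute([$key]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$key = add_product($pdo, 'Constructed sample product');
echo "info.php?prod=$key\n";
var_dump(find_product($pdo, $key));  // row found by its random key
var_dump(find_product($pdo, '123')); // a guessed numeric id matches nothing
```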
HITmen07, Author, Commented:
Not sure how to implement your solution into my database Ray.
0
Ray Paseur Commented:
Generate the random keys and use them for your keys to the rows of your data base.  Did you read the code and check the output from the link posted above?  I am not sure how I could explain it more clearly but if you have a specific question, please post back and I will try to help.
0
Guy Hengel [angelIII / a3], Billing Engineer, Commented:
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Ray Paseur Commented:
I think galexander07 and I both offered good solutions.  No big deal if you want to delete it, but since I use the random key algorithm in practice, I know it works. ;-)
0