rgb192

asked on

Why does encryption not work if $id is a large number

Encryption works unless $id is greater than a 9-digit number.

<?php
// Part 1: build one signed link per ID and show it in a table row.
echo '<table>';
for ($id = 13; $id < 40; $id++) {
    // urlencode("==") yields %3D%3D, which PHP decodes back to "==" in $_GET.
    $key = "az09".md5("!rgb192".$id).urlencode("==");
    $url = "http://www.server.com/queryscript.php?ID=$id&key=$key";
    echo '<tr><td>'.$id.'</td><td>'.$url.'</td></tr>';
}

// Part 2: recompute the key for the incoming request and compare.
// intval() returns at most PHP_INT_MAX (2147483647 on a 32-bit build).
$id = intval($_GET["id"]);
$key = $_GET["key"];
$keyShouldBe = "az09".md5("!rgb192".$id).("==");
echo '<tr><td></td><td></td></tr>';
echo '<tr><td>'.$id.'</td><td>'.$key.'</td><td>'.$keyShouldBe.'</td></tr>';

echo '</table>';

if ($key != $keyShouldBe)
{
    // The special key doesn't match, so it's probably some malicious user trying to break in.
    echo '<br>error';
    //sleep(5); // Slow the user down.
    //die(); // Stop the script completely from continuing.
} else {
    echo '<br>works';
}


SOLUTION
Robert Sutton Jr
This solution is only available to members.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
For the record, I work on enterprise applications all the time (including mass mailers), and I have rarely seen database tables get to the size of having billions of records. By the time they reach that sort of ID range, the data gets archived for performance reasons, and things start back at 0, or else there is a multifactor ID.

Either way, I'd suggest you double-check to make sure that your application isn't generating billions of unnecessary records, or storing more than it needs to in the database.
rgb192

ASKER

int_val

thanks
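
The symptom in this thread is consistent with intval() saturating at 2147483647 on a 32-bit PHP build, so the checker hashes a different ID than the link generator did. The following is an added example, not code from the thread: it reproduces the mismatch with a simulated 32-bit cast, then shows a verifier that keeps the ID as a digit string and uses HMAC-SHA256 with a constant-time comparison. `SECRET`, `intval32`, `legacyKey`, `signId` and `verifyId` are hypothetical names, and the 32-bit build is an assumption the page does not state.

```php
<?php
// Added example; SECRET and all function names here are hypothetical.
const SECRET = 'replace-with-a-long-random-secret'; // placeholder value

// Simulate intval() on a 32-bit PHP build for non-negative numeric strings:
// values above 2147483647 saturate to that maximum.
function intval32(string $s): int
{
    return (int) min((float) $s, 2147483647.0);
}

// The scheme used in the thread: prefix + md5(secret . id) + "==".
function legacyKey($id): string
{
    return 'az09' . md5('!rgb192' . $id) . '==';
}

// Hardened signer: the ID stays a string and is bound with HMAC-SHA256.
function signId(string $id): string
{
    return hash_hmac('sha256', $id, SECRET);
}

// Hardened verifier: accept digit strings only, never cast the ID,
// and compare the keys in constant time.
function verifyId(string $id, string $key): bool
{
    return ctype_digit($id) && hash_equals(signId($id), $key);
}

$big = '9999999999'; // constructed 10-digit ID, as it would arrive in $_GET

// The link generator hashed the full ID; the checker hashes the clamped one.
$sent       = legacyKey($big);
$recomputed = legacyKey(intval32($big));
var_dump(intval32($big));         // the ID the checker actually hashes
var_dump($sent === $recomputed);  // whether the legacy check would pass

// The hardened check with the same large ID, a different ID, and a malformed ID.
var_dump(verifyId($big, signId($big)));
var_dump(verifyId('2147483647', signId($big)));
var_dump(verifyId('13abc', signId('13abc')));
```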