Why does encryption not work if $id is a large number

Posted on 2012-08-29
Last Modified: 2012-08-29
Encryption works unless $id is greater than a 9-digit number.

// Generate a table of ids and the key that goes with each one.
echo '<table>';
for ($id = 13; $id < 40; $id++) {
    $key = "az09".md5("!rgb192".$id).urlencode("==");
    $url = "$id&key=$key";
    echo '<tr><td>'.$id.'</td><td>'.$url.'</td></tr>';
}

// Check the id and key received in the query string.
$id = intval($_GET["id"]); // integer conversion of the incoming id
$key = $_GET["key"];
$keyShouldBe = "az09".md5("!rgb192".$id).("==");
echo '<tr><td></td><td></td></tr>';
echo '<tr><td>'.$id.'</td><td>'.$key.'</td><td>'.$keyShouldBe.'</td></tr>';

echo '</table>';

if ($key != $keyShouldBe) {
    // The special key doesn't match, so it's probably some malicious user trying to break in.
    echo '<br>error';
    //sleep(5); // Slow the user down.
    //die(); // Stop the script completely from continuing.
} else {
    echo '<br>works';
}


Question by:rgb192

    Accepted Solution

    You have a billion IDs or more? That's pretty impressive.

    I'm going to guess that it's because you're reaching the 32-bit signed integer range. The intval() is usually a good way to force a number to be numeric.

    If you do:

    echo intval(2147483647) . "<br>\n";
    echo intval(2147483648) . "<br>\n";

    You should see:

    This is because the 32-bit integer range goes from:
    -2147483648 ... all the way to ... 0 .... all the way to 2147483647

    So if you try to intval() a value over 2147483647, it will start back at -2147483648 again.

    Instead of intval(), just use + 0, like this:

    $id = $_GET["id"]+0;

    It will also force the value to be numeric, but if your system is capable, it will go beyond the 32-bit range.
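
One way to keep the integer range out of the key check entirely is to treat the id as a digit string on both the generating and the verifying side. This is an added example, not code from the thread: it swaps the md5 concatenation for hash_hmac() with SHA-256 and the != comparison for hash_equals(), and SECRET, normalize_id(), make_key() and verify_request() are hypothetical names.

```php
<?php
// Added example, not code from the thread. SECRET and the function names are
// hypothetical; the sample ids and requests below are constructed.
const SECRET = 'replace-with-a-random-server-side-secret';

// Accept only a plain decimal digit string. No integer conversion happens,
// so a 32-bit PHP build and a 64-bit one see exactly the same value.
function normalize_id($raw): ?string
{
    if (!is_string($raw) || $raw === '' || strlen($raw) > 20 || !ctype_digit($raw)) {
        return null;
    }
    $trimmed = ltrim($raw, '0');
    return $trimmed === '' ? '0' : $trimmed;   // "0013" and "13" sign identically
}

function make_key(string $id): string
{
    return hash_hmac('sha256', $id, SECRET);   // hex output, safe in a URL as is
}

function verify_request(array $query): bool
{
    $id  = normalize_id($query['id'] ?? null);
    $key = $query['key'] ?? null;
    if ($id === null || !is_string($key)) {
        return false;
    }
    return hash_equals(make_key($id), $key);   // constant-time string comparison
}

// Constructed requests: small id, id past 2147483647, mismatched id,
// id with trailing characters, and an array-valued id parameter.
$big = '12345678901';
$cases = [
    'small id'     => ['id' => '13',    'key' => make_key('13')],
    'large id'     => ['id' => $big,    'key' => make_key($big)],
    'tampered id'  => ['id' => '14',    'key' => make_key('13')],
    'non-digit id' => ['id' => '13abc', 'key' => make_key('13')],
    'array id'     => ['id' => ['13'],  'key' => make_key('13')],
];
foreach ($cases as $label => $query) {
    printf("%-13s %s\n", $label, verify_request($query) ? 'works' : 'error');
}
```

The validated string can go straight into a parameterized database query, so the id never needs to fit in a PHP integer.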

    Expert Comment

    For the record, I work on enterprise applications all the time (including mass mailers), and I have rarely seen database tables get to the size of having billions of records. By the time they reach that sort of ID range, the data gets archived for performance reasons, and things start back at 0, or else there is a multifactor ID.

    Either way, I'd suggest you double-check to make sure that your application isn't generating billions of unnecessary records, or storing more than it needs to in the database.
