Solved

Should user id or video id passed through address bar be encrypted?

Posted on 2013-05-28
5
305 Views
Last Modified: 2013-05-28
Should user id or video id that is passed through address bar be encrypted? If so, how?

Right now my user id is inserted in DB as an empty string and is AUTO_INCREMENT to the next number. The DB knows the last number. But if the previous numbers in the DB are encrypted, how does the DB know what number to assign before I take that number, encrypt it and update the DB with new encrypted version?

If I give every user a random number and then encrypt, I run the slight risk two users may end up with the same number as their user id.

Why do these two websites have what looks like encrypted id's in address bar?

Thanks.

address
0
Comment
Question by:kadin
  • 3
  • 2
5 Comments
 
LVL 15

Expert Comment

by:Jagadishwor Dulal
ID: 39203315
You don't need to change auto increment value to encrypted form when your pass userid in querystring use md5() function to encrypt it Like:

<a href="somepage.php?userid=<?php echo md5($userid);?>">Links</a>

Open in new window


Now when you need to check your userid in database:

$userid=$_GET['userid'] //it's md5 so you need to compare with database. assume your useid fetch from database is in $row['userid'];
if($userid==md5($row['userid']){
//some action
}

Open in new window

0
 

Author Comment

by:kadin
ID: 39203346
Thanks for your response.

md5() creates 32 characters. That is equal to msn.foxsports address above. Maybe that is what they're doing.

youtube is 11 characters. v=SwbP9WLX3fy

Any idea how they're getting that?
0
 

Author Comment

by:kadin
ID: 39203415
The problem I am having with your approach is when I get the md5 userid from the address string, I now have a 32 character value and the next step in my code I must query the DB using this 32 character userid when the DB userid is a number like 52136. I think this means the DB userid must also store the same 32 character md5 value.

 $sql = 'SELECT  count
          FROM table
          WHERE userid= $userid';

Open in new window


My question is. Can someone tell me if this is the way youtube does it?
Thanks.
0
 
LVL 15

Accepted Solution

by:
Jagadishwor Dulal earned 500 total points
ID: 39203563
No your userid will be 52136 only you don't need to make it md5 it will be remain auto increment number but when you fetch record you will convert it to md5 like in my previous example or see here.
you have passed your userid in md5(52136) in your url. Now you fetch your record from database using query like you are using above just check the userid field is equals:

$userid=$_GET['userid'];

Open in new window

you have got md5 number here and now you will fetch record like below.

 $sql = 'SELECT  count FROM table   WHERE md5(userid)='$userid';

Open in new window

0
 

Author Closing Comment

by:kadin
ID: 39203639
Thanks for your help.

I will take it from here and run some experiments.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
php function to remove a file 31 39
showing loader for php/mysql/ajax live search 13 24
mysql date time 14 30
Checkout Page Input Field not aligned 1 22
Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question