• Status: Solved

Should user id or video id passed through address bar be encrypted?

Should user id or video id that is passed through address bar be encrypted? If so, how?

Right now my user id is inserted in DB as an empty string and is AUTO_INCREMENT to the next number. The DB knows the last number. But if the previous numbers in the DB are encrypted, how does the DB know what number to assign before I take that number, encrypt it and update the DB with new encrypted version?

If I give every user a random number and then encrypt, I run the slight risk two users may end up with the same number as their user id.

Why do these two websites have what look like encrypted IDs in the address bar?

Thanks.

Asked by: kadin
1 Solution
 
Jagadishwor Dulal (Braces Media) Commented:
You don't need to change the auto-increment value to an encrypted form. When you pass the userid in the query string, use the md5() function to encrypt it, like:

<a href="somepage.php?userid=<?php echo md5($userid);?>">Links</a>


Now, when you need to check your userid in the database:

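$userid = $_GET['userid']; // it's md5, so you need to compare with the database. Assume the userid fetched from the database is in $row['userid'].
// Strict comparison (===) avoids PHP type juggling when comparing hash strings.
if ($userid === md5($row['userid'])) {
    // some action
}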

 
kadin (Author) Commented:
Thanks for your response.

md5() creates 32 characters. That is equal to the msn.foxsports address above. Maybe that is what they're doing.

YouTube is 11 characters. v=SwbP9WLX3fy

Any idea how they're getting that?
 
kadin (Author) Commented:
The problem I am having with your approach is when I get the md5 userid from the address string, I now have a 32 character value and the next step in my code I must query the DB using this 32 character userid when the DB userid is a number like 52136. I think this means the DB userid must also store the same 32 character md5 value.

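 // A placeholder is used instead of putting $userid into the SQL text
 // (single quotes do not interpolate variables, and raw GET input must not
 // be concatenated into a query). Bind $userid when executing the statement.
 $sql = 'SELECT  count
          FROM table
          WHERE userid = ?';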


My question is: can someone tell me if this is the way YouTube does it?
Thanks.
 
Jagadishwor Dulal (Braces Media) Commented:
No, your userid will be 52136 only. You don't need to make it md5; it will remain an auto-increment number, but when you fetch the record you will convert it to md5, like in my previous example, or see here.
You have passed your userid as md5(52136) in your URL. Now you fetch your record from the database using a query like the one you are using above; just check that the userid field is equal:

$userid=$_GET['userid'];


You have got the md5 number here, and now you will fetch the record like below.

 // Placeholder instead of broken quoting; bind $userid when executing the prepared statement.
 $sql = 'SELECT count FROM table WHERE md5(userid) = ?';

 
kadin (Author) Commented:
Thanks for your help.

I will take it from here and run some experiments.
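An alternative to hashing the auto-increment value, shown as an added example that is not part of the original thread: md5() of a sequential number can be recomputed by anyone who guesses the number, so this sketch keeps the numeric userid as the internal key and stores a separate random, unique public ID for URLs, retrying on the collision the question worries about. The table layout, the public_id column and the in-memory SQLite database are assumptions for illustration; the 11-character length matches the v= value quoted above, but how YouTube generates its IDs is not stated on this page.

```php
<?php
// Added example. Table/column names (users, public_id) and SQLite are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    userid    INTEGER PRIMARY KEY AUTOINCREMENT, -- internal key, never put in a URL
    public_id TEXT NOT NULL UNIQUE,              -- random value used in links
    name      TEXT NOT NULL
)');

// 8 CSPRNG bytes, base64url-encoded without padding: 11 URL-safe characters.
function new_public_id(): string
{
    return rtrim(strtr(base64_encode(random_bytes(8)), '+/', '-_'), '=');
}

// Insert a user. The UNIQUE constraint catches a collision, and we retry with a new value.
function create_user(PDO $pdo, string $name): string
{
    $stmt = $pdo->prepare('INSERT INTO users (public_id, name) VALUES (?, ?)');
    for ($attempt = 0; $attempt < 5; $attempt++) {
        $publicId = new_public_id();
        try {
            $stmt->execute([$publicId, $name]);
            return $publicId;
        } catch (PDOException $e) {
            if ((string) $e->getCode() !== '23000') { // 23000: integrity constraint violation
                throw $e;
            }
        }
    }
    throw new RuntimeException('Could not allocate a unique public_id');
}

// Resolve the query-string value to the internal row using a bound parameter.
function find_user(PDO $pdo, string $publicId): ?array
{
    if (!preg_match('/\A[A-Za-z0-9_-]{11}\z/', $publicId)) {
        return null; // malformed input, including a raw numeric userid
    }
    $stmt = $pdo->prepare('SELECT userid, name FROM users WHERE public_id = ?');
    $stmt->execute([$publicId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}
$id = create_user($pdo, 'kadin');
echo "somepage.php?userid=$id\n";
var_dump(find_user($pdo, $id));
var_dump(find_user($pdo, '52136'));
```

An unguessable ID only hides the row count and ordering; the page serving the record still needs its own check that the logged-in user is allowed to see it.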
