Solved

Should user id or video id passed through address bar be encrypted?

Posted on 2013-05-28
5
309 Views
Last Modified: 2013-05-28
Should user id or video id that is passed through address bar be encrypted? If so, how?

Right now my user id is inserted in DB as an empty string and is AUTO_INCREMENT to the next number. The DB knows the last number. But if the previous numbers in the DB are encrypted, how does the DB know what number to assign before I take that number, encrypt it and update the DB with new encrypted version?

If I give every user a random number and then encrypt, I run the slight risk two users may end up with the same number as their user id.

Why do these two websites have what looks like encrypted id's in address bar?

Thanks.

address
0
Comment
Question by:kadin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 15

Expert Comment

by:Jagadishwor Dulal
ID: 39203315
You don't need to change auto increment value to encrypted form when your pass userid in querystring use md5() function to encrypt it Like:

<a href="somepage.php?userid=<?php echo md5($userid);?>">Links</a>

Open in new window


Now when you need to check your userid in database:

$userid=$_GET['userid'] //it's md5 so you need to compare with database. assume your useid fetch from database is in $row['userid'];
if($userid==md5($row['userid']){
//some action
}

Open in new window

0
 

Author Comment

by:kadin
ID: 39203346
Thanks for your response.

md5() creates 32 characters. That is equal to msn.foxsports address above. Maybe that is what they're doing.

youtube is 11 characters. v=SwbP9WLX3fy

Any idea how they're getting that?
0
 

Author Comment

by:kadin
ID: 39203415
The problem I am having with your approach is when I get the md5 userid from the address string, I now have a 32 character value and the next step in my code I must query the DB using this 32 character userid when the DB userid is a number like 52136. I think this means the DB userid must also store the same 32 character md5 value.

 $sql = 'SELECT  count
          FROM table
          WHERE userid= $userid';

Open in new window


My question is. Can someone tell me if this is the way youtube does it?
Thanks.
0
 
LVL 15

Accepted Solution

by:
Jagadishwor Dulal earned 500 total points
ID: 39203563
No your userid will be 52136 only you don't need to make it md5 it will be remain auto increment number but when you fetch record you will convert it to md5 like in my previous example or see here.
you have passed your userid in md5(52136) in your url. Now you fetch your record from database using query like you are using above just check the userid field is equals:

$userid=$_GET['userid'];

Open in new window

you have got md5 number here and now you will fetch record like below.

 $sql = 'SELECT  count FROM table   WHERE md5(userid)='$userid';

Open in new window

0
 

Author Closing Comment

by:kadin
ID: 39203639
Thanks for your help.

I will take it from here and run some experiments.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Ajax and PHP 4 47
php error 27 57
Generate PDF's using TCPDF - Initial Set Up 9 30
if statement malfunction 5 20
Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question