Solved

Should user id or video id passed through address bar be encrypted?

Posted on 2013-05-28
5
314 Views
Last Modified: 2013-05-28
Should user id or video id that is passed through address bar be encrypted? If so, how?

Right now my user id is inserted in DB as an empty string and is AUTO_INCREMENT to the next number. The DB knows the last number. But if the previous numbers in the DB are encrypted, how does the DB know what number to assign before I take that number, encrypt it and update the DB with new encrypted version?

If I give every user a random number and then encrypt, I run the slight risk two users may end up with the same number as their user id.

Why do these two websites have what looks like encrypted id's in address bar?

Thanks.

address
0
Comment
Question by:kadin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 15

Expert Comment

by:Jagadishwor Dulal
ID: 39203315
You don't need to change auto increment value to encrypted form when your pass userid in querystring use md5() function to encrypt it Like:

<a href="somepage.php?userid=<?php echo md5($userid);?>">Links</a>

Open in new window


Now when you need to check your userid in database:

$userid=$_GET['userid'] //it's md5 so you need to compare with database. assume your useid fetch from database is in $row['userid'];
if($userid==md5($row['userid']){
//some action
}

Open in new window

0
 

Author Comment

by:kadin
ID: 39203346
Thanks for your response.

md5() creates 32 characters. That is equal to msn.foxsports address above. Maybe that is what they're doing.

youtube is 11 characters. v=SwbP9WLX3fy

Any idea how they're getting that?
0
 

Author Comment

by:kadin
ID: 39203415
The problem I am having with your approach is when I get the md5 userid from the address string, I now have a 32 character value and the next step in my code I must query the DB using this 32 character userid when the DB userid is a number like 52136. I think this means the DB userid must also store the same 32 character md5 value.

 $sql = 'SELECT  count
          FROM table
          WHERE userid= $userid';

Open in new window


My question is. Can someone tell me if this is the way youtube does it?
Thanks.
0
 
LVL 15

Accepted Solution

by:
Jagadishwor Dulal earned 500 total points
ID: 39203563
No your userid will be 52136 only you don't need to make it md5 it will be remain auto increment number but when you fetch record you will convert it to md5 like in my previous example or see here.
you have passed your userid in md5(52136) in your url. Now you fetch your record from database using query like you are using above just check the userid field is equals:

$userid=$_GET['userid'];

Open in new window

you have got md5 number here and now you will fetch record like below.

 $sql = 'SELECT  count FROM table   WHERE md5(userid)='$userid';

Open in new window

0
 

Author Closing Comment

by:kadin
ID: 39203639
Thanks for your help.

I will take it from here and run some experiments.
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question