Solved

Should user id or video id passed through address bar be encrypted?

Posted on 2013-05-28
5
300 Views
Last Modified: 2013-05-28
Should user id or video id that is passed through address bar be encrypted? If so, how?

Right now my user id is inserted in DB as an empty string and is AUTO_INCREMENT to the next number. The DB knows the last number. But if the previous numbers in the DB are encrypted, how does the DB know what number to assign before I take that number, encrypt it and update the DB with new encrypted version?

If I give every user a random number and then encrypt, I run the slight risk two users may end up with the same number as their user id.

Why do these two websites have what looks like encrypted id's in address bar?

Thanks.

Question by:kadin
5 Comments
 
LVL 15

Expert Comment

by:Jagadishwor Dulal
ID: 39203315
You don't need to change the auto-increment value to an encrypted form. When you pass the userid in the query string, use the md5() function to encrypt it, like:

<a href="somepage.php?userid=<?php echo md5($userid);?>">Links</a>



Now when you need to check your userid in database:

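$userid = $_GET['userid']; // It's md5, so you need to compare it with the database. Assume the userid fetched from the database is in $row['userid'].
// Strict comparison: with ==, PHP treats hex strings of the form 0e<digits> as numbers.
if ($userid === md5($row['userid'])) {
    // some action
}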


0
 

Author Comment

by:kadin
ID: 39203346
Thanks for your response.

md5() creates 32 characters. That is equal to the msn.foxsports address above. Maybe that is what they're doing.

YouTube is 11 characters. v=SwbP9WLX3fy

Any idea how they're getting that?
0
 

Author Comment

by:kadin
ID: 39203415
The problem I am having with your approach is that when I get the md5 userid from the address string, I now have a 32-character value, and in the next step in my code I must query the DB using this 32-character userid when the DB userid is a number like 52136. I think this means the DB userid must also store the same 32-character md5 value.

 // Single quotes do not interpolate $userid; use a placeholder and bind $userid when executing.
 $sql = 'SELECT count
          FROM table
          WHERE userid = ?';



My question is: can someone tell me if this is the way YouTube does it?
Thanks.
0
 
LVL 15

Accepted Solution

by:
Jagadishwor Dulal earned 500 total points
ID: 39203563
No, your userid will still be 52136. You don't need to make it md5; it will remain an auto-increment number, but when you fetch the record you will convert it to md5, like in my previous example or as shown here.
You have passed your userid as md5(52136) in your URL. Now you fetch your record from the database using a query like the one you are using above; just check that the userid field is equal:

$userid=$_GET['userid'];


You have got the md5 number here, and now you will fetch the record as below.

 // Bind $userid to the placeholder when executing the prepared statement.
 $sql = 'SELECT count FROM table WHERE md5(userid) = ?';


0
 

Author Closing Comment

by:kadin
ID: 39203639
Thanks for your help.

I will take it from here and run some experiments.
0
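
An alternative to hashing the number, added here as an example that is not from any poster in this thread: md5() of an auto-increment value is unkeyed, so anyone can compute it for neighbouring numbers, whereas a random token kept in its own UNIQUE column cannot be derived from the id and lets the database reject the rare collision the question worries about. The `users` table, the `public_id` column, the function names and the in-memory SQLite database are assumptions for illustration; it needs PHP 7+ with PDO SQLite, and the 11-character length is a choice, not a claim about how any particular site builds its ids.

```php
<?php
// Added example: table, column and function names are assumptions.
// The AUTO_INCREMENT id stays the internal key; URLs carry a random token.

function newPublicId(): string
{
    // 8 CSPRNG bytes = 64 bits; unpadded base64url of 8 bytes is 11 characters.
    return rtrim(strtr(base64_encode(random_bytes(8)), '+/', '-_'), '=');
}

function createUser(PDO $db, string $name): string
{
    $insert = $db->prepare('INSERT INTO users (public_id, name) VALUES (?, ?)');
    for ($attempt = 0; $attempt < 5; $attempt++) {
        $publicId = newPublicId();
        try {
            $insert->execute([$publicId, $name]);
            return $publicId;
        } catch (PDOException $e) {
            // SQLSTATE class 23 = integrity constraint (duplicate token): retry.
            if (strpos((string) $e->getCode(), '23') !== 0) {
                throw $e;
            }
        }
    }
    throw new RuntimeException('could not allocate a unique public id');
}

function findUser(PDO $db, string $publicId): ?array
{
    // Reject anything that is not exactly 11 base64url characters before querying.
    if (!preg_match('/\A[A-Za-z0-9_-]{11}\z/', $publicId)) {
        return null;
    }
    $select = $db->prepare('SELECT id, name FROM users WHERE public_id = ?');
    $select->execute([$publicId]);
    $row = $select->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo on an in-memory SQLite database so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
                               public_id TEXT NOT NULL UNIQUE, name TEXT NOT NULL)');
$token = createUser($db, 'alice');
echo "somepage.php?userid=$token\n";
var_dump(findUser($db, $token));
```

Because `public_id` is an indexed column, the lookup does not have to hash every row the way `WHERE md5(userid) = ...` does. The token only makes ids hard to guess; pages showing private data still need a server-side check that the logged-in user may see that record.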
