php mailer

So I'm guessing you're trying to obfuscate http://ticktockit.dyndns.biz:888/ticktock_int/results_invoices_IDSel_Client.php?invNo=295 which you can do by code to convert these links into something like...

https://your-domain.com/order-$hash - where $hash is a random 32 byte code or some other hash
--------------------
The password protection is another issue which I can overcome using .htaccess
Yes - I am just trying to "obfuscate http://ticktockit.dyndns.biz:888/ticktock_int/results_invoices_IDSel_Client.php?invNo=295 which you can do by code" - exactly
How does one do this?

The idea will be to put this on my official hosted website (hosted by names.co.uk)  which has a working database, so the dyndns will not be an issue

Here is the code:

<?php require_once('../Connections/TickTockDB.php'); ?>

<?php
error_reporting(E_ALL);
require("/phpmailertest/PHPMailer_5.2.4/class.phpmailer.php");
$breakecho = "<br />";
echo $_GET['invPath'];
echo $breakecho.$_GET['emailAddress'];
echo $breakecho.$_GET['invTotal'];
echo $_GET['invDetails'];
echo $breakecho.$_GET['invPaypal'];

//$path = '2205-Invoice-British Friends of BAR-ILAN University-No.265-1453153496.pdf';
//$path = '../ticktockInt/documents/Invoices/PaidInvoice-Perfect Travel Ltd-No.284-1482266230.pdf';
$location = "../";
$break = "<br />";
$pound = "£";
$space = "&nbsp;";
$path = $_GET['invPath'];
$url = '';
$mailaddress = $_GET['emailAddress'];
$invdetails = $_GET['invDetails'];
$invoicetotal = $_GET['invTotal'];
$paypal = $_GET['invPaypal'];
$name= 'test.pdf';
$encoding = 'base64';
$type = 'application/pdf';
$mail = new PHPMailer;
$mail->setFrom('info@ticktockit.net', 'TickTockIT');
$mail->addAddress($mailaddress, 'My Contact');
//$mail->addAddress('bill@inventas.co.uk', 'My Contact');
//$mail->addStringAttachment(file_get_contents($path), 'invoice.pdf');
//$mail->addAttachment($path, $name, $encoding, $type);
//$mail->addStringAttachment($path, $name, $encoding, $type);
$mail->addAttachment($path);
$mail->AddEmbeddedImage('images/payment.gif', 'PaypalImage');
$mail->Subject  = 'Invoice from TickTockIT';
$mail->Body = $Body;
$mail->IsHTML(true);
$mail->Body = 'Attached Invoice for the following IT work:
'.$break.'Invoice Amount:'.$space.$pound.''.$invoicetotal.'
'.$break.'Details:'.$invdetails.'
'.$break.$break.'Paypal Link:'.$space.$paypal.'
'.$break.$break.'</a><img src="cid:PaypalImage" />
'.$break.'<a href='.$paypal.' style="text-decoration:none"><p style="font-size:30px; color: #808080">Click Here to go to payment web page</p></a>';
if(!$mail->send()) {
  echo 'Message was not sent.';
  echo 'Mailer error: ' . $mail->ErrorInfo;
} else {
  echo 'Message has been sent.';
}
?>

Select allOpen in new window

This is the part that concerns me:
$paypal = $_GET['invPaypal'];

'.$break.'<a href='.$paypal.' style="text-decoration:none"><p style="font-size:30px; color: #808080">Click Here to go to payment web page</p></a>';

I want to be able to encode this to stop the possibility of injection or changing the database reference

Thanks all
Completed