Home/ Questions/Q 8338565
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T04:37:40+00:00

Can anyone suggest a versatile PHP encrypt/decrypt algorithm that encrypts in the following way:

  • 0

Can anyone suggest a versatile PHP encrypt/decrypt algorithm that encrypts in the following way:

  1. it’s fast
  2. it’s short, similar to YouTube’s video ids
  3. can be used as a valid id (an elements attribute)
  4. can be used as part of a URL safely

Security is not the primary concern here. I’m just wanting to prevent the casual “hacker” from easily accessing certain pages by changing the URL (e.g. http://www.domain.com/?id=1 can easily be changed to http://www.domain.com/?id=2).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you really really really want to encrypt your primary key (Highly inefficient, will explain later) then use

    $url = substr(md5(uniqid($row['id'], true)),0,6);

    Where row[‘id’] is your primary key. This creates a url/html safe 6 character string, all will be unique (kind of, see below).

    Now. This is why you should NOT do this.

    1. Encryptions should always take place in the backend when uploading data to the sql database, not client side. The general rule is less client side processing the better. It is the difference clientside from pulling $row[‘url’] from your sql database where $row[‘id’] is the key, or pulling the id then running an encryption. That adds 1 more step client-side.
    2. Although highly unlikely, using an encryption like the one below has the potential to have duplicates. (If your site has 1000+ keys your chances of a duplicate is higher) so to prevent a duplicate you would need to encrypt your key, then do an sql search to retreive ALL of your keys, encrypt EACH key, then compare EVERY key to the current encrypted key. That adds 4x(however many keys you have) to your processing time.
    3. Really it is just bad form. If forever reason you wanted to search for a page based on the encrypted url, you would have to again retrieve ALL keys and encrypt + compare all of them.

    For everyone else USE THIS if you want efficiency

    I have the script to create the unique id

    $token = substr(md5(uniqid(rand(), true)),0,6); // creates a 6 digit token

    I use a mysql database to store previously used id’s, you could use any other kind of database to store the Id’s.

    function generateUniqueID () {
  $token = substr(md5(uniqid(rand(), true)),0,6); // creates a 6 digit token
  $query = "SELECT count(*) FROM table WHERE url = $token";
  $result = mysql_query($query, $connection) or die(mysql_error());
  $numResults = mysql_num_rows($result);
  if ($numResults) {
    generateUniqueID();
  }
}

    Using this code you have ONE step client-side, to get the row where id then you receive the row[‘rl’].

    Please read up on program efficiency and take a look at the documentation for mysql, do so and you will get more happy clients 🙂

    • 0