I am developing an web application with raw PHP for a school. When an user visits a student’s profile page the web link on the address bar shows like this- http://localhost/utc/studentprofile.php?studentid=11100103. But I want to appear it like this- http://localhost/utc/studentprofile.php?studentid=.I1vlXKbsAAljiXXX4ylPpWER1D8re93AA–
I can do it using base64_encode but if I do when the user tries to view the student’s profile, it doesn’t show any information.
Would anyone please kindly help me on how to do this?
Thanks in Advance
You added more information in a comment on the question:
Then Base64 encoding is not the way to do that, because it does little if anything to protect the student’s ID.
If you want to avoid revealing the student’s ID, there’s no more secure way than not revealing it. And you have the opportunity to give the student profile pages more readable URLs as well:
Create a trivial mapping database table on the server-side. Give each student a unique “handle” (mine might be “tjcrowder”, for instance, unless the cattle feed merchant who also has my name had gone to the school previously, in which case I might be “tjcrowder2”). Base the handle on information you’re already revealing on the profile page (I assume these pages list the student’s name, for instance).
Then your link becomes
or even better
or even better, throw a URL-rewrite at it so you get
In
studentprofile.php, do the DB query to take the handle and look up the student ID, and then retrieve the student’s profile information.Nice readable URLs, nothing revealing the student ID.