I have an encrypted, base64-encoded array that I need to put into a URL and insert into emails we send to clients to enable them to be identified (uniquely) – the problem is that base64_encode() often appends an = symbol or two after its string of characters, which by default is disallowed by CI.
Now I understand I can allow the = sign in config.php, but I don’t fully understand the security implications in doing so (it must have been disabled for a reason right?)
Does anyone know why it might be a bad idea to allow the = symbol in URLs?
Thanks!
John.
Not sure why = is disallowed, but you could also leave off the equals signs. The base64 spec only allows = signs at the end of the string, and they are used purely as padding, there is no chance of data loss.
Edit: It’s possible that it doesn’t allow this as a compatibility option. There’s no reason that I can think of from a security perspective, but there’s a possibility that it may mess with query string parsing somewhere in the tool chain.
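The padding-stripping approach from the answer above, as an added example that is not part of the original thread. It also swaps the + and / characters that standard base64 can emit for - and _ (the RFC 4648 URL-safe alphabet), on the assumption that the URI character whitelist in config.php permits those two; the function names are hypothetical and the input bytes are constructed stand-ins for the encrypted array.

```php
<?php
// Added example: URL-safe base64 without "=" padding, with strict decoding.

function base64url_encode(string $bytes): string
{
    // Swap "+" and "/" for "-" and "_", then drop the trailing padding.
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

function base64url_decode(string $token): ?string
{
    // Reject anything outside the URL-safe alphabet, including "=".
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $token)) {
        return null;
    }
    // A length of 1 mod 4 can never come out of a base64 encoder.
    $remainder = strlen($token) % 4;
    if ($remainder === 1) {
        return null;
    }
    // Restore the stripped padding, map back to the standard alphabet,
    // and decode in strict mode so malformed input fails instead of
    // being silently truncated.
    $padded = str_pad($token, strlen($token) + (4 - $remainder) % 4, '=');
    $bytes = base64_decode(strtr($padded, '-_', '+/'), true);
    return $bytes === false ? null : $bytes;
}

// Constructed sample inputs: lengths that produce two, one and zero
// padding characters, plus a random blob standing in for ciphertext.
$samples = ["\xfb", "\xfb\xff", "\xfb\xff\xfe", random_bytes(37)];

foreach ($samples as $ciphertext) {
    $token = base64url_encode($ciphertext);
    $clean = strpbrk($token, '=+/') === false;           // no reserved chars left
    $same  = base64url_decode($token) === $ciphertext;   // lossless round trip
    printf("%s  url-safe=%s  round-trip=%s\n",
        $token, var_export($clean, true), var_export($same, true));
}

// A token carrying characters outside the alphabet is refused outright.
var_dump(base64url_decode('abc=def'));
```

The decoder receives attacker-controllable input from the link, so it returns null on anything malformed rather than passing a partial result on to decryption.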