3
Contributors
13
Replies
14
Views
7 Years
Discussion Span
Last Post by venkat0904
0

i want to encrpt query parameters in Url... So that end user unable to understand it..!!!

www.test.com/page.php?uid=1234&tid=234

can we encrypt or hide value through .htaccess..???

If u dont want user to see or understand the data you are sending from a form, may i suggest you using POST method instead of GET..
The official recommendations say that "GET" should be used if and only if the form processing is idempotent, which typically means a pure query form.
Using POST will remove any overhead of encrypting and decrypting the data during form submission..
Hope this helps...

Edited by venkat0904: n/a

0

If u dont want user to see or understand the data you are sending from a form, may i suggest you using POST method instead of GET..
The official recommendations say that "GET" should be used if and only if the form processing is idempotent, which typically means a pure query form.
Using POST will remove any overhead of encrypting and decrypting the data during form submission..
Hope this helps...

how can i use post method without submitting the form..??
i m listing the users with update link...!!!
update link = <a href='update.php?username=$username'>

i thnink there is no chance to use post method

Edited by sam023: n/a

0

how can i use post method without submitting the form..??

well POST and GET are methods to submit a form.. u cannot use any of them without submitting..

i m listing the users with update link...!!!
update link = <a href='update.php?username=$username'>

i thnink there is no chance to use post method

u can still use post method.
use a hidden input like

<input type="hidden" value="<?php echo $username; ?>" name="username" ></input>

Sending username as a query parameter for updation can prove to be a huge risk since a user a can edit it and update the info for other users..
Got my point?
Cheers!!

Edited by venkat0904: n/a

0

well POST and GET are methods to submit a form.. u cannot use any of them without submitting..


u can still use post method.
use a hidden input like

<input type="hidden" value="<?php echo $username; ?>" name="username" ></input>

Sending username as a query parameter for updation can prove to be a huge risk since a user a can edit it and update the info for other users..
Got my point?
Cheers!!

mean u want to say create form with every link..?? i dont think its an good idea

0

I m sorry if i got u wrong... but as far as i understood, u have a form and u want to submit the data from it to a php script wherein u update the db according to the user id passed from that form.. isn't it?
If this is what u r trying to do, my solution should work fine for you.

mean u want to say create form with every link..?? i dont think its an good idea

I didnt really understand what u r trying to tell here...
may be if u can post up your code, we can help you better...

0

Anyways If u have made up ur mind for encryption/decryption of ur data... u can use mcrypt_encrypt/decrypt.
another useful function that i would prefer for this purpose is:

function encrypt_decrypt($Str_Message) { 
    $Len_Str_Message=STRLEN($Str_Message); 
    $Str_Encrypted_Message=""; 
    FOR ($Position = 0;$Position<$Len_Str_Message;$Position++){ 
         $Key_To_Use = (($Len_Str_Message+$Position)+1);  
        $Key_To_Use = (255+$Key_To_Use) % 255; 
        $Byte_To_Be_Encrypted = SUBSTR($Str_Message, $Position, 1); 
        $Ascii_Num_Byte_To_Encrypt = ORD($Byte_To_Be_Encrypted); 
        $Xored_Byte = $Ascii_Num_Byte_To_Encrypt ^ $Key_To_Use; 
        $Encrypted_Byte = CHR($Xored_Byte); 
        $Str_Encrypted_Message .= $Encrypted_Byte; 
             
    } 
    RETURN $Str_Encrypted_Message; 
}

The same function can be used for encryption as well as decryption and u dont even need to maintain a key..
Though i agree this is not very secure but this should be enough for ur requirement.
Cheers!!

Edited by venkat0904: n/a

0

well POST and GET are methods to submit a form.. u cannot use any of them without submitting..


u can still use post method.
use a hidden input like

<input type="hidden" value="<?php echo $username; ?>" name="username" ></input>

Sending username as a query parameter for updation can prove to be a huge risk since a user a can edit it and update the info for other users..
Got my point?
Cheers!!

<table align="center" name='MyTable' id='MyTable' class="sortable" border="1" cellpadding="5" cellspacing="5" width="95%">  
        <? if(isset($_POST['submit'])) 
        {
            if($count > 0)
                 { ?>
                 <tr>
                    <th  nowrap="nowrap">Serial No.</th>
                    <th  nowrap="nowrap">Username</th>
                    <th  nowrap="nowrap">Password</th>
                    <th  nowrap="nowrap">Edit</th>
                </tr> 
                  <?               
                    $counter = 1;
                    $className = "trOdd";
                while($row1 = mysqli_fetch_array($result1)) { ?>
                    <tr>
        <td align="right"><?= $serial; ?></td>
        <td align="right"><?= $row1['name']; ?></td>
        <td align="right"><?= $row1['password']; ?></td>
        <td align="right"><a href="edit.php?uname=<?=$row['name'];?>"Edit</a></td>
        </tr>
        
        <? $counter = $counter + 1; 
         }}} ?>
           
         
              
</td></tr></table>

in above code i m passing username in url... now guide me how can i do with post instead of get method..!!! because according to i can use post method only when i create a form and submit the value..!!
but here i m not using any form or using submit button..!!!

anyways your function is pretty cool.!! thanks for that. :)

Edited by sam023: n/a

0
<table align="center" name='MyTable' id='MyTable' class="sortable" border="1" cellpadding="5" cellspacing="5" width="95%">  
        <? if(isset($_POST['submit'])) 
        {
            if($count > 0)
                 { ?>
                 <tr>
                    <th  nowrap="nowrap">Serial No.</th>
                    <th  nowrap="nowrap">Username</th>
                    <th  nowrap="nowrap">Password</th>
                    <th  nowrap="nowrap">Edit</th>
                </tr> 
                  <?               
                    $counter = 1;
                    $className = "trOdd";
                while($row1 = mysqli_fetch_array($result1)) { ?>
                    <tr>
        <td align="right"><?= $serial; ?></td>
        <td align="right"><?= $row1['name']; ?></td>
        <td align="right"><?= $row1['password']; ?></td>
        <td align="right"><a href="edit.php<?$uname=$row['name'];?>"Edit</a></td>
        </tr>
        
        <? $counter = $counter + 1; 
         }}} ?>
           
         
              
</td></tr></table>

in above code i m passing username in url... now guide me how can i do with post instead of get method..!!! because according to i can use post method only when i create a form and submit the value..!!
but here i m not using any form or using submit button..!!!

anyways your function is pretty cool.!! thanks for that. :)

Ohh i c.. so u are linking to take user to the form and i thought u r already in the form... :P
anyways, if this is the case, u cannot use POST method... but i cant see the need of encryption of url in ur case coz u r trying to encrypt username which is already displayed there in page as it is...
or am i missing somthin again... ;)

0

Ohh i c.. so u are linking to take user to the form and i thought u r already in the form... :P
anyways, if this is the case, u cannot use POST method... but i cant see the need of encryption of url in ur case coz u r trying to encrypt username which is already displayed there in page as it is...
or am i missing somthin again... ;)

See.. its url edit.php?uname=xyz;

from url i get the username value and pass it in a query

select data from user where username = $username;

in this way user can edit url and can see the data of other person..!!

thts y i need to encrypt the username..!! i hope now u got my point..!! :)

0

See.. its url edit.php?uname=xyz;

from url i get the username value and pass it in a query

select data from user where username = $username;

in this way user can edit url and can see the data of other person..!!

thts y i need to encrypt the username..!! i hope now u got my point..!! :)

well, as i can see from your code, u r displaying a list of users in this page itself and providing an "edit" link to edit info of a specific user... then why will someone take the pain of editing it in url.. :P
and if u r displaying only the current user's info with that edit option, he doesn't know the user id of other users to edit the url with same..
makes sense doesn't it?? :)

0

well, as i can see from your code, u r displaying a list of users in this page itself and providing an "edit" link to edit info of a specific user... then why will someone take the pain of editing it in url.. :P
and if u r displaying only the current user's info with that edit option, he doesn't know the user id of other users to edit the url with same..
makes sense doesn't it?? :)

Well one user should not see the info of other user..!!! as it is clear than uid=12; one can easily modify it 11 or other digits to see other user info..!!

0

Well one user should not see the info of other user..!!! as it is clear than uid=12; one can easily modify it 11 or other digits to see other user info..!!

there u go.... dats xactly wt i was asking about...
if u have a user logged in and wants him to see only his info.. why would u pass his id with url... instead what u can do is set the user id in session when the user logs in, and use it whenever u need to display any info on his profile...
got it now?
Cheers!!

Edited by venkat0904: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.