PHP URL Encoding / Decoding

I used the solution accepted for this question for encrypting by id for example in /index.php?id=3 . The problem is I cannot send the encrypted value as an url, example /index.php?id=dsf13f3343f23/23=. Because sometimes it will have weird characters in the url e.g. notice the = sign in the end


Solution 1:

The weird characters in the values passed in the URL should be escaped, using urlencode().


For example, the following portion of code :

echo urlencode('dsf13f3343f23/23=');

would give you :

dsf13f3343f23%2F23%3D

Which works fine, as an URL parameter.


And if you want to build aquery string with several parameters, take a look at the http_build_query() function.

For example :

echo http_build_query(array(
    'id' => 'dsf13f3343f23/23=',
    'a' => 'plop',
    'b' => '$^@test', 
));

will give you :

id=dsf13f3343f23%2F23%3D&a=plop&b=%24%5E%40test

This function deals with escaping and concatenating the parameters itself ;-)

Solution 2:

Use PHP's urlencode() function to encode the value before you put it into a URL.

string urlencode ( string $str )
This function is convenient when encoding a string to be used in a query part of a URL, as a convenient way to pass variables to the next page.

This function converts "weird" characters, such as =, into a format safe to put into a URL. You can use it like this:

Header('Location: /index.php?id=' . urlencode($id))

Solution 3:

If you use Base64 to encode the binary value for the URL, there is also a variant with URL and filename safe alphabet.

You can use the strtr function to translate one from alphabet to the other:

$base64url = strtr($base64, '+/', '-_');
$base64 = strtr($base64url, '-_', '+/');

So you can use these functions to encode and decode base64url:

function base64url_encode($str) {
    return strtr(base64_encode($str), '+/', '-_'));
}
function base64url_decode($base64url) {
    return base64_decode(strtr($base64url, '-_', '+/'));
}

See also my answer on What is a good way to produce an short alphanumeric string from a long md5 hash?

Solution 4:

There is no use in encrypting parameters.
Send it as is:

/index.php?id=3 

nothing wrong with it.