问题
I am developing a PHP application to manage orders for a company. To view an order the URL is currently /orders/view/3502.
I don't want the order ID number to appear in the URL, so I used CodeIgniter's encrypt library to encrypt the ID in the URL. The URL (after encryption) looks like /orders/view/AaffGdQQ.
The problem I am having is sometimes the encrypted ID contains a forward slash or a plus sign, which don't work correctly when in a URL. CodeIgniter reads the URL based on slashes, so, if the encrypted ID had a slash, it would read that as 2 variables, not one. Also, plus signs are interpreted as spaces in URLs.
So, my question is, how can I encrypt the ID and be sure that the string does not contain a plus sign or a slash?
EDIT: I had an idea to see if the encrypted ID contained a slash or plus sign, and if it did, encrypt it again. For some reason, every time the ID is encrypted, it's different, so this would work.
回答1:
You can also base64_encode(). That will also make it a lot longer and appear "more secure". Also adds a layer of obfuscation.
回答2:
Maybe passing the cryped data through urlencode() would fix this? After you do that, you would have to intercept the data before CodeIgniter does, and run urldecode() on it.
Just a quick idea, so good luck!
回答3:
Look for some characters that the encryption doesn't use and replace them as it fits. When using urls, undo it.
来源:https://stackoverflow.com/questions/4347864/encrypted-data-in-urls