Passing special characters in URL

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: egami, macek, gesf

Post Reply
New php-forum User
New php-forum User
Posts: 8
Joined: Wed Oct 26, 2011 3:16 am

Mon Jan 23, 2012 7:50 am

Hello All,

Ive been having an issue and would be greatful if I can get some help to my problem. I need to pass a primary key in the URL. I would like to encrypt it for security.

I get the following outputs after calling my encrypt() and decrypt() methods (please see below for my code):

$result = encrypt("27");
value printed to screen: z0Da0HE7BfClV0q6hoKEt%2BkYs6CJxZkwCC7zd8%2BmIWU%3D
Value passed in url: z0Da0HE7BfClV0q6hoKEt+kYs6CJxZkwCC7zd8+mIWU=

I cannot understand why the values above are different. The same variable is printed and passed in the url.

value printed to screen: z0Da0HE7BfClV0q6hoKEt kYs6CJxZkwCC7zd8 mIWU=

The + is replaces with a space. I have tried to user str_replace after decrypting but it still prints the above.

Your help will be greatly appreciated.

Code: Select all

function encrypt($input) {
        $encrypted_result =  base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->securekey, $input, MCRYPT_MODE_ECB, $this->iv));
        $encrypted_result = urlencode($encrypted_result);
        return $encrypted_result;

function decrypt($input) {
        $decrypted_result = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->securekey, base64_decode($input), MCRYPT_MODE_ECB, $this->iv));
        $decrypted_result = str_replace(' ', '+', $decrypted_result );   
        return $decrypted_result;

User avatar
php-forum GURU
php-forum GURU
Posts: 2192
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Mon Jan 23, 2012 8:49 am

I see a URL encode.
But not a URL decode.
New php-forum User
New php-forum User
Posts: 8
Joined: Wed Oct 26, 2011 3:16 am

Mon Jan 23, 2012 9:00 am

Hi egami,

Thanks for getting back.
I have not used urldecode because I am using $_GET to retrieve the value from the url and $_GET does a urldecode.

I call the function with the code:
$encrypt_result = $crypt->encrypt($id);
<a href='JAVASCRIPT: openWindow(\"Add.php?id={$encrypt_result}\")'> Add </a>

I use the following to retrieve the value:
$id = $crypt->decrypt($_GET['id']);

Your help is appreciated,
Post Reply