Yet another request for a URL variables hiding suggestion

Hi there. My website passes information from one page to another via
the URL. it DOESN'T use forms or post/get but rather I build up the url
in page A as a string and use it to link to page B.

My url looks (something)like this
http://www.mysite.com/pageb.php?PassedUserName='Hester'&PassedUserOccupa tion='Tester'

I don't want users to be able to type in what ever entries they like,
but also I would like to hide the entire list of variables so that it
appears something like

http://www.mysite.com/pageb.php?PassedData=<random looking data here>

Now, I found these functions

function encrypt($string, $key) {
$result = '';
for($i=0; $i<strlen($string); $i++) {
$char = substr($string, $i, 1);
$keychar = substr($key, ($i % strlen($key))-1, 1);
$char = chr(ord($char)+ord($keychar));
$result.=$char;
}
return base64_encode($result);
}

function decrypt($string, $key) {
$result = '';
$string = base64_decode($string);

for($i=0; $i<strlen($string); $i++) {
$char = substr($string, $i, 1);
$keychar = substr($key, ($i % strlen($key))-1, 1);
$char = chr(ord($char)-ord($keychar));
$result.=$char;
}
return $result;
}

which work nicely on parts of the url giving me
PassedUserName='Hester'
xLTf1NfYvtXG5MLHztixerTG5ejO1Ig=

PassedUserOccupation='Tester'
xLTf1NfYvtXG5MPJxOjktODK4eKmibXX59rG5Zs=

but I cannot encrypt the whole string
PassedUserName='Hester'&PassedUserOccupation='Test er' unless i replaced
the & with another character for example but then I would have to
somehow split the string into the two variables, and be able to use
these values in my code.

I guess appending a $ to the start of the decoded string isn't going to
work? (I doubt my problem would be that easily solved!)

Sorry, I'm a bit green when it comes to Php programming and I've looked
through the PHP manual and tried many different ways of doing this
before I had to ask.

Thanks in advance for any/all assistance

On 2005-06-06, plittle1970@hotmail.com <plittle1970@hotmail.com> wrote:[color=blue]
> Hi there. My website passes information from one page to another via
> the URL. it DOESN'T use forms or post/get but rather I build up the url
> in page A as a string and use it to link to page B.[/color]
[...]

I believe you would be better off using sessions.

http://www.php.net/session

--
Cheers,
- Jacob Atzen

On Mon, 06 Jun 2005 03:15:49 -0700, plittle1970 wrote:
[color=blue]
> Hi there. My website passes information from one page to another via the
> URL. it DOESN'T use forms or post/get but rather I build up the url in
> page A as a string and use it to link to page B.
>
> My url looks (something)like this
> http://www.mysite.com/pageb.php?PassedUserName='Hester'&PassedUserOccupa tion='Tester'
>
> I don't want users to be able to type in what ever entries they like, but
> also I would like to hide the entire list of variables so that it appears
> something like
>
> http://www.mysite.com/pageb.php?PassedData=<random looking data here>
>
> Now, I found these functions
>
> function encrypt($string, $key) {
> $result = '';
> for($i=0; $i<strlen($string); $i++) {
> $char = substr($string, $i, 1);
> $keychar = substr($key, ($i % strlen($key))-1, 1); $char =
> chr(ord($char)+ord($keychar)); $result.=$char;
> }
> return base64_encode($result);
> }
> }
> function decrypt($string, $key) {
> $result = '';
> $string = base64_decode($string);
>
> for($i=0; $i<strlen($string); $i++) {
> $char = substr($string, $i, 1);
> $keychar = substr($key, ($i % strlen($key))-1, 1); $char =
> chr(ord($char)-ord($keychar)); $result.=$char;
> }
> return $result;
> }
> }
> which work nicely on parts of the url giving me PassedUserName='Hester'
> xLTf1NfYvtXG5MLHztixerTG5ejO1Ig=
>
> PassedUserOccupation='Tester'
> xLTf1NfYvtXG5MPJxOjktODK4eKmibXX59rG5Zs=
>
> but I cannot encrypt the whole string
> PassedUserName='Hester'&PassedUserOccupation='Test er' unless i replaced
> the & with another character for example but then I would have to somehow
> split the string into the two variables, and be able to use these values
> in my code.
>
> I guess appending a $ to the start of the decoded string isn't going to
> work? (I doubt my problem would be that easily solved!)
>
> Sorry, I'm a bit green when it comes to Php programming and I've looked
> through the PHP manual and tried many different ways of doing this before
> I had to ask.
>
> Thanks in advance for any/all assistance[/color]

Would it be enough to just use variables that are none descriptive at
that point and the variable values as keys to a data location that your
own software understands.

For example, I keep a MySQL table just for my own software's use, mainly
as a debug aid, but also as a way to pass data/control info. In fact I use
it it pretty much the way you would make use of services in UNIX/Linux
programming to talk across threads (not quite a useable as the services
system, but can get round some thread comms problems of php). Then a
variable reference as in your line is simply a reference to which table
item it is.

http://www.mysite.com/pageb.php?val1=0001

With your tables/connection settings outside of your browsable area then
you have already taken your security up a few levels from this one small
method.

I don't see what you mean by " but I cannot encrypt the whole
string...unless i replaced the & with another character" ? I tested your
code by calling this:
$enc =
encrypt("PassedUserName='Hester'&PassedUserOccupat ion='Tester'","volatile");
$dec = decrypt($enc,"volatile");
echo "$enc<br>$dec";

Here is the output:
icbQ39TZzcHY2+G6wuHOqYy+1N/V2duTi5q/zdTnztC66dTesNfM4dXX49XQ4qaTudvi4MbmkA==PassedUser Name='Hester'&PassedUserOccupation='Tester'On some other page I would then get the result (after decrypting$_GET['PassedData']) with a simple $result = split('&', $dec)... urlencodeand urldecode may also be useful if you want to include & into someparameter.Dae<plittle1970@hotmail.com> wrote in messagenews:1118052949.490444.204450@g47g2000cwa.g ooglegroups.com...> Hi there. My website passes information from one page to another via> the URL. it DOESN'T use forms or post/get but rather I build up the url> in page A as a string and use it to link to page B.>> My url looks (something)like this>http://www.mysite.com/pageb.php?PassedUserName='Hester'&PassedUserOccupa tion='Tester'>> I don't want users to be able to type in what ever entries they like,> but also I would like to hide the entire list of variables so that it> appears something like>> http://www.mysite.com/pageb.php?PassedData=<random looking data here>>> Now, I found these functions>> function encrypt($string, $key) {> $result = '';> for($i=0; $i<strlen($string); $i++) {> $char = substr($string, $i, 1);> $keychar = substr($key, ($i % strlen($key))-1, 1);> $char = chr(ord($char)+ord($keychar));> $result.=$char;> }> return base64_encode($result);> }>> function decrypt($string, $key) {> $result = '';> $string = base64_decode($string);>> for($i=0; $i<strlen($string); $i++) {> $char = substr($string, $i, 1);> $keychar = substr($key, ($i % strlen($key))-1, 1);> $char = chr(ord($char)-ord($keychar));> $result.=$char;> }> return $result;> }>> which work nicely on parts of the url giving me> PassedUserName='Hester'> xLTf1NfYvtXG5MLHztixerTG5ejO1Ig=>> PassedUserOccupation='Tester'> xLTf1NfYvtXG5MPJxOjktODK4eKmibXX59rG5Zs=>> but I cannot encrypt the whole string> PassedUserName='Hester'&PassedUserOccupation='Test er' unless i replaced> the & with another character for example but then I would have to> somehow split the string into the two variables, and be able to use> these values in my code.>> I guess appending a $ to the start of the decoded string isn't going to> work? (I doubt my problem would be that easily solved!)>> Sorry, I'm a bit green when it comes to Php programming and I've looked> through the PHP manual and tried many different ways of doing this> before I had to ask.>> Thanks in advance for any/all assistance>