Encyrpted URL

corblimey · 30-06-2008 12:32pm #1

I have an fairly simple ecryption routine written in PHP that does, at its hear string replacement (there's more to it than that, but this is the basic). I encrypt certain IDs and send them out as URLs in emails, etc. I originally had all the keyboard characters in my buffer for replacement, but after 2 hours of debugging last night, I determined that a backslash in the resulting encypted value was being escaped and couldn't then be decrypted correctly.

I was just wondering, since I stumbled on this backslash thing, are there any other characters I should be wary of having in URLs. I'm sure this question has been asked and answered many times, but my google-fu is letting me down.

matrim · 30-06-2008 1:49pm

There's an RFC that specifics this. I think it's 1738 but google should confirm. Also check the HTTP specification which should give the full list of escaped characters (or at least point to the RFC for it).

From the top of my head things like # ' " should also be considered.

daymobrew · 30-06-2008 3:29pm

Could base64_encode help you out? Encrypt the data and then base_64_encode it.

corblimey · 30-06-2008 5:26pm

daymobrew wrote: »

Could base64_encode help you out? Encrypt the data and then base_64_encode it.

I'm not sure base64 is necessary - it's just a simple text URL, but I guess I should spend a little more time researching it - I was just hoping to remove 'special' characters from my encryption list and make the fix as simple as possible.

daymobrew · 01-07-2008 7:24am

corblimey wrote: »

I'm not sure base64 is necessary - it's just a simple text URL, but I guess I should spend a little more time researching it - I was just hoping to remove 'special' characters from my encryption list and make the fix as simple as possible.

I suggested the base64 as a way of converting special chars to ordinary chars.

Bluefrog · 01-07-2008 7:26am

Doesn't get much simpler than base64_encode/decode.

corblimey · 01-07-2008 7:47am

daymobrew wrote: »

I suggested the base64 as a way of converting special chars to ordinary chars.

So are you saying to use base64 to encode my string rather than my own encryption code? Or use base64 to encode my encrypted string?

daymobrew · 01-07-2008 9:22am

corblimey wrote: »

So are you saying to use base64 to encode my string rather than my own encryption code? Or use base64 to encode my encrypted string?

The latter - base64 *after* encryption.

Zombrex · 01-07-2008 3:24pm

Just a note, normal base64 can be URL unsafe.

There is a slightly different version called Modified base64 for URL that uses slightly different characters (for example "%" is replaced with "*" as far as I know) that provide a more robust system for passing data in URLs.

Custom functions in PHP can be easily set up to provide a URL safe version of base64 encoding.

Just something to be aware of

http://ie.php.net/manual/en/function.base64-encode.php#63543
http://ie.php.net/manual/en/function.base64-encode.php#81383

Encyrpted URL

Comments