How to encrypt the $_GET data in php?

Question

As in php we use $_GET to pass variables in the url , i want to pass variables which include the id of the user which i want to be anonymous, so can something be done which can encrypt the variable before passing it and the the variable once taken on the page can be decrypted to get the original variable value.

for eg:

Before passing variable $id=10;

Passed in the url as $id=dasfgjg;

when taken from the url and decrypted $id=10;

How can this be achieved?

Answer 1

You can use an RC4 cipher if you intend to encrypt/decrypt only on the server-side

http://www.phpkode.com/source/s/rc4-cipher-0-1/rc4-cipher-0-1/RC4.php

$my_secret_key = '3klmsd94mms.saeo44o!!3le';

if( isset($_GET['p']) ) {
  $id = RC4::decrypt($my_secret_key, $_GET['p']);
  // ....
}
else {
  echo '<a href="/?p='.RC4::encrypt($my_secret_key, 12).'">Go to the page</a>';
}

Answer 2

A quick and dirty way to achieve this (for each request)

• on the client, create a string like 'xx:10:yy' where xx and yy are strings consisting pf random characetrs
• on the client, create a salted hash of the users salted/hashed password
• use this hash as a key and the string from the first bullet as cleartext for encryption with e.g. crypt.js
• in the request send the encrypted string and the salt
• on the server use the transmited salt and the users salted/hashed password to recover the key
• on the server use mcrypt or friends to decrypt the string
• on the server use standard PHP text processing functions to recover the payload from the decrypted string

Answer 3

Just generate random strings (make sure it's unique) for each record in the database and save it there, too. Then use this as an identifier. Note that, of course, this has nothing to do with encryption.