Obfuscating GET id variables with encryption, surrogate key, etc

Question

I'm working on a new application, and in order to obscure the perception of its infancy, I'd like to obscure any instances that could reveal this, for example,
$postId=000001. Instead we'd get $postId=sH4d6s8d. Something short-ish, but unique.

I've read through a few other questions, unfortunately most answers devolve into security concerns. Application security isn't an issue here, I'm just looking for a way to pass an obscure representation of a row id through GET, and have that URL be sharable, meaning multiple user machines can interpret the obfuscation.

I skimmed over surrogate keys for MySQL, XOR, but I'm pretty green and my comprehension went mush quickly. What's the appropriate solution here? Any examples? Thanks.

Update

Decided on a simple XOR + urlencode solution. i.e:

$v = urlencode($var ^ $key)
$v = (urldecode($v) ^ $key)

From testing so far, this seems great for my purposes. However, looks like Firefox auto-decodes urlencode for display, defeating the whole purpose of the idea:

$v = r%5CQXr%5CQXr%5CP
<a href="whatevs.php?id=$v">link</a>

// Firefox renders the below anywhere link is visible (besides source)

whatevs.php?id=r\QXr\QXr\P 

This is annoying. While the id is still obscured and the source is sill "traditionally" urlencoded, those characters don't look natural in a url. But the real problem is anyone who copy/pastes the link won't get the correct resource.

Is there a easy fix for this?

Answer 1

Xor + convert it to base 36 + reverse the string?

$key = 123456789;
$post_id = (1 ^ $key);
$post_id = strrev(base_convert($post_id, 10, 36));
echo $post_id;

Answer 2

You say it's not a security problem, but why do you want secure your GET params ? If your aim is to hide the real value, then it's a security problem ^^ If you want only create a bijection between number and obfuscated code, you can use an inversible function like base64_encode, but anyone will be able to decode it.