Encode and Decode query string value in php

by  
Share:
Encode and Decode query string value in php

When developing a search module/ filter for some kind of listing that will be accessible to public it is advised not to show the actual ID of the data, user may use the ID to do some notorious stuff. In this tutorial I will be explaining how to encode and decode query string value in PHP.

When making a CRUD application (Create, read, update, delete) you will come across GET and POST methods for processing data. POST is secure and used for saving, updating or deleting data. But when we need to fetch data from database on the basis of some filter, we use GET method. Let’s take an example where you want to filter a products listing on the basis of category ID. In this case we use GET method. So a sample url be like www.example.com/products.php?cat=1

We then use that query parameter cat value and process the results. But displaying the ID to the user may not be a good IDEA in all cases. So what do we do? We obfuscate/encode the value. Let us see how we do this.

Encode and decode string using php

We can use base64_encode and base64_decode function to achieve our desired results. First we encode the category id and add it to a hyperlink. You can use it in a form and bind it to an input as well.

<?php
$catid = 1;
<a href="products.php?cat=<?php echo base64_encode($catid) ?>">Filter by category</a>

// Returns
// <a href="products.php?cat=MQ==">Filter by category</a>
?>

So when the user clicks on the hyperlink the category ID which is ‘1’ display and ‘MQ==’ as an encoded string. Now it’s time to decode it.
<?php
// returns the category ID original value i.e. 1
echo base64_decode($_GET["cat"]);
?>

This does what we are looking for, BUT DID YOU NOTICE SOMETHING? The ‘==’ at the end the value when we encode the category id, ‘=’ at the end or in the middle of a value can sometime cause problem when we have multiple query string parameters. SO WHAT TO DO? Simply extending the function will do the trick. We will use strtr function to replace the unwanted characters with some dummy characters. Take a look at the two custom made function below.
<?php
/*
* function to encode string
* accepts a string
* returns encoded string
*/
function safe_encode($string) {
    return strtr(base64_encode($string), '+/=', '-_-');
}

/*
* function to decode the encoded string
* accepts encoded string
* returns the original string
*/
function safe_decode($string) {
    return base64_decode(strtr($string, '-_-', '+/='));
}
?>

The functions are set, let’s use them now. Just like the above example where we passed category ID but in this case using our own custom functions.
<?php
$catid = 1;
<a href="products.php?cat=<?php echo safe_encode($catid) ?>">Filter by category</a>

// Returns
// <a href="products.php?cat=MQ--">Filter by category</a>
?>

To decode the value is as easy like the earlier one, just change the function name.
<?php
// returns the category ID original value i.e. 1
echo safe_decode($_GET["cat"]);
?>

If you guys have any better workaround, do share with us.

Get the latest updates directly in your inbox for FREE: Subscribe here

Share your feedback / let me know your doubts regarding this tutorial in the comment box given below.

Share:
Hasan

Shahrukh Khan (Hasan)

A software engineer who's a die-hard coder, blogger, dreamer and mentor with years of expertise in web development. Know more...

Related Posts

Rahul on

Your work is simply awesome!!

Reply
Shahrukh Khan on

Thanks a Lot for your appreciation.

Reply
prabaweb on

Hi Sharukh,
Nice work…
and its worked…!!!!

thank you so muchfor your awesome work……

Reply
Shahrukh Khan on

Thanks a lot.

Reply
David on

I owe you a lot of thanks. Remain blessed!

Reply
php tutorials on

Nice blog…Very useful information is providing by ur blog.Very clear and helpful for beginners.

Reply
Hugo Soto on

Thanks allot bud , keep up the good work.

Regard’s

Reply
abinaya on

Good work sharukh,,loads of thanks,,stay blessed with tremendous knowledge…

Reply
bincar on

how to decode string with htaccess

Reply
Shahrukh Khan on

can you please give more details about your problem?

Reply
Lakshmi on

Very nicely written, very helpful article.

Thanks for sharing this, I was looking for the same.

Reply
Shahrukh Khan on

you are welcome

Reply
Firoz Ansari on

Good work

Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.