encode and decode query string value using php


In this tutorial, we explain how to encode and decode a query string value using PHP. This is useful when developing a search module or filter for a listing that is accessible to the public, where it is advised not to show the actual ID of the data, since the user may use the ID to do some nefarious stuff.

When making a CRUD (create, read, update, delete) application you will come across the GET and POST methods for processing data. POST is secure and used for saving, updating or deleting data. But when we need to fetch data from the database on the basis of some filter, we use the GET method. Let’s take an example where you want to filter a categories listing on the basis of category ID. In this case, we use the GET method, so a sample URL would look like www.example.com/categories.php?cat=1

We then use the value of the cat query parameter to fetch and process the results. But displaying the ID to the user may not be a good idea in all cases. So what do we do? We obfuscate/encode the value. Let us see how we do this.

Encode and decode query string using php

We can use the base64_encode and base64_decode functions to achieve our desired results. First we encode the category ID and add it to a hyperlink. You can use it in a form and bind it to an input as well.

<?php
// category ID to put in the link
$catid = 1;
?>
<a href="categories.php?cat=<?php echo base64_encode($catid) ?>">Filter by category</a>
<?php
// Returns
// <a href="categories.php?cat=MQ==">Filter by category</a>
?>

So when the user clicks on the hyperlink, the category ID ‘1’ is displayed as the encoded string ‘MQ==’. Now it’s time to decode it.

<?php
// returns the category ID original value i.e. 1
// cast to int so the decoded request value is never echoed back as raw text
echo (int) base64_decode($_GET["cat"] ?? "");
?>

This does what we are looking for, but did you notice something? The encoded category ID ends in ‘==’. An ‘=’ at the end or in the middle of a value can sometimes cause problems when we have multiple query string parameters. So what to do? Simply extending the function will do the trick. We will use the strtr function to replace the unwanted characters with some dummy characters. Take a look at the two custom functions below.

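<?php
/*
* function to encode string
* accepts a string
* returns encoded string
*/
function safe_encode($string) {
    // '+', '/' and '=' each get their own URL-safe character
    // so that the mapping can be reversed exactly on decode
    return strtr(base64_encode($string), '+/=', '._-');
}

/*
* function to decode the encoded string
* accepts encoded string
* returns the original string
*/
function safe_decode($string) {
    // reverse the substitution, then decode the restored Base64 text
    return base64_decode(strtr($string, '._-', '+/='));
}
?>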

The functions are set, so let’s use them now. As in the example above, we pass the category ID, but this time using our own custom functions.

<?php
// category ID to put in the link
$catid = 1;
?>
<a href="categories.php?cat=<?php echo safe_encode($catid) ?>">Filter by category</a>
<?php
// Returns
// <a href="categories.php?cat=MQ--">Filter by category</a>
?>

Decoding the value is as easy as in the earlier example; just change the function name.

<?php
// returns the category ID original value i.e. 1
// cast to int so the decoded request value is never echoed back as raw text
echo (int) safe_decode($_GET["cat"] ?? "");
?>
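
Base64 only changes how the ID looks: anyone can decode ‘MQ--’ or encode a different ID and request it. The following is an added example, not code from the original tutorial, showing one way to make the cat value tamper-evident by appending an HMAC tag and validating the decoded ID before it is used. The names b64url_encode, b64url_decode, make_token, read_token and TOKEN_KEY, the key value and the "body.tag" token layout are all assumptions made for this illustration.

```php
<?php
// Added example: hypothetical helper names, constructed placeholder key.
const TOKEN_KEY = 'replace-with-a-long-random-secret';

// URL-safe Base64 without padding (RFC 4648 "base64url").
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Strict decode: returns false for anything outside the base64url alphabet.
function b64url_decode(string $txt) {
    if ($txt === '' || preg_match('/[^A-Za-z0-9_-]/', $txt)) {
        return false;
    }
    $pad = (4 - strlen($txt) % 4) % 4; // restore the stripped '=' padding
    return base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', $pad), true);
}

// Build "<body>.<tag>": the encoded ID plus an HMAC-SHA256 tag over it.
function make_token(int $id): string {
    $body = b64url_encode((string) $id);
    $tag  = b64url_encode(hash_hmac('sha256', $body, TOKEN_KEY, true));
    return $body . '.' . $tag;
}

// Return the ID, or null when the token is malformed or the tag does not match.
function read_token(string $token): ?int {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$body, $tag] = $parts;
    $expected = b64url_encode(hash_hmac('sha256', $body, TOKEN_KEY, true));
    if (!hash_equals($expected, $tag)) { // constant-time comparison
        return null;
    }
    $id = b64url_decode($body);
    if ($id === false || !ctype_digit($id)) { // only plain digits are valid IDs
        return null;
    }
    return (int) $id;
}

$token = make_token(1);
var_dump(read_token($token));                                // genuine token
var_dump(read_token('Mg.' . explode('.', $token)[1]));       // ID swapped, old tag reused
var_dump(read_token('MQ--'));                                // bare encoded ID, no tag
```

Even with a tag on the value, categories.php still has to check that the current user is allowed to see the requested category.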
