1

I am using openssl_encrypt and openssl_decrypt functions to encrypt and decrypt the id passed as querystring. But in some cases the encrypted query string contains '+' character. which causes problem in the openssl_decrypt function and I gets the following warning.

$x = openssl_encrypt ('3', 'AES-256-CBC', $password,0, $iv);
echo openssl_decrypt ($x, 'AES-256-CBC', $password,0, $iv);

Warning: openssl_decrypt(): Failed to base64 decode the input

Please let me know if there is any other method to encrypt data without this '+' characters. Also I want to limit the character length of the encrypted id below 100.

Improve this question
1
  • You may want to use CRC32 if you are using rdbms ? there is no need to encrypt decrypt just pass your id crc32 encoded and match with crc32 or when selecting fetch with crc32(id) but this suggestion is for if your aim is shadow your real ids from public. Commented Jan 25, 2016 at 1:15

3 Answers 3

Reset to default
2

There are characters that must be URL-encoded in a query string so the query string must be un-encoded prior to use. What you are probably seeing is the space character being encoded as "+".

See URL encoding - wikipedia.

HTML 5 specifies the following transformation for submitting HTML forms with the "get" method to a web server:[1]

Characters that cannot be converted to the correct charset are replaced with HTML numeric character references[11]

  • SPACE is encoded as '+' or '%20'
  • Letters (A–Z and a–z), numbers (0–9) and the characters '*','-','.' and '_' are left as-is
  • All other characters are encoded as %HH hex representation with any non-ASCII characters first encoded as UTF-8 (or other specified encoding)
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

What's a quarry? Is it eatable? :-)
@CharlotteDunois No, it is swung over one's head.
1

I am using openssl_encrypt and openssl_decrypt functions to encrypt and decrypt the id passed as querystring.

Can I introduce you to a better idea than encrypting IDs?

$x = openssl_encrypt ('3', 'AES-256-CBC', $password,0, $iv);
echo openssl_decrypt ($x, 'AES-256-CBC', $password,0, $iv);

Two things:

  1. Authenticate your ciphertext.
  2. Use OPENSSL_RAW_DATA or urlencode() it.
Improve this answer

Comments

0

1) Use OPENSSL_RAW_DATA
2) iv (A non-NULL Initialization Vector) should be some alphanumeric.
for example
$iv="0123456789abcdef";

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.