Performing encryption in PHP

We often pass ID values in URLs, which can pose a great security risk in PHP applications. It is always better to encrypt such information before sending it from one page to another. Here is an example. The student.php page replaces each ID with its md5() value before posting it. Because md5() is a one-way hash and cannot be reversed, the studentview.php page does not decrypt the value; it compares the posted value with the md5() of each stored ID:

student.php

<html>
<head><title></title>
<script language="javascript" type="text/javascript">
function Set(x)
{
document.getElementById("fha").value = x;
document.getElementById("frmid").action = "studentview.php";
document.getElementById("frmid").submit();	
}
</script>
</head>

<body>
<?php 

include("db/opendb.php");

$query = "select * from tblstudent";
$result = $conn -> query($query);
?>
<table border="1">
<?php
foreach($result as $row)
{
  ?>
<tr>
<td>
<a href="javascript:;" onclick="Set('<?php echo md5($row['id']) ?>');">View</a></td>
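<td><?php echo htmlspecialchars((string)$row['name'], ENT_QUOTES, 'UTF-8'); ?> </td>
<td><?php echo htmlspecialchars((string)$row['age'], ENT_QUOTES, 'UTF-8'); ?> </td>
<td><?php echo htmlspecialchars((string)$row['address'], ENT_QUOTES, 'UTF-8'); ?> </td>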
</tr>	

<?php	
}
?>

</table>

<form id="frmid" name="frmid" method="post" action="">
<input id="fha" name="fha" type="hidden">
</form>
<?php 
$conn = NULL;
?>
</body>
</html>

studentview.php

<html>
<head><title></title></head>
<body>
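<?php 

include("db/opendb.php");

// Assumption: db/opendb.php creates $conn as a PDO connection.
// Read the posted hash; default to an empty string if the field is missing.
$id = $_POST['fha'] ?? '';

// Bind the value as a parameter instead of concatenating it into the SQL,
// so the posted value cannot alter the query.
$stmt = $conn->prepare("select * from tblstudent where md5(id) = ?");
$stmt->execute([$id]);

// Defaults shown when no row matches the posted hash.
$id = $name = $age = $address = '';

foreach($stmt as $row)
{
  $id = $row['id'];
  $name = $row['name'];
  $age = $row['age'];
  $address = $row['address'];
}
  ?>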

<table border="1">	

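<tr>
<td>ID:</td>
<td><?php echo htmlspecialchars((string)$id, ENT_QUOTES, 'UTF-8'); ?> </td>
</tr>
<tr>
<td>Name</td>
<td><?php echo htmlspecialchars((string)$name, ENT_QUOTES, 'UTF-8'); ?> </td>
</tr>
<tr>
<td>Age</td>
<td><?php echo htmlspecialchars((string)$age, ENT_QUOTES, 'UTF-8'); ?> </td>
</tr>

<tr>
<td>Address</td>
<td><?php echo htmlspecialchars((string)$address, ENT_QUOTES, 'UTF-8'); ?> </td>
</tr>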
  


</table>

<?php 
$conn = NULL;
?>
</body>
</html>
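
A keyed alternative to the md5() value used in the two pages above, as an added example that is not part of the original post: md5($id) has no secret input, so the values for sequential IDs are predictable, whereas an HMAC computed with a server-side key can be verified by the server but not produced by the client. TOKEN_KEY, makeIdToken(), readIdToken() and the sample rows are assumptions made for this example.

```php
<?php
// Added example: keyed, tamper-evident ID tokens in place of md5($id).
// TOKEN_KEY, makeIdToken() and readIdToken() are hypothetical names.
declare(strict_types=1);

// Assumption: in production the key is loaded from server-side configuration.
// This constant is a constructed sample value.
const TOKEN_KEY = 'constructed-sample-key-replace-me';

// Build "<id>.<hex HMAC-SHA256>" for embedding in the hidden form field.
function makeIdToken(int $id, string $key): string
{
    return $id . '.' . hash_hmac('sha256', (string)$id, $key);
}

// Return the ID if the token's MAC verifies under $key, otherwise null.
function readIdToken(string $token, string $key): ?int
{
    if (!preg_match('/\A([1-9][0-9]{0,8})\.([0-9a-f]{64})\z/', $token, $m)) {
        return null; // malformed input
    }
    $expected = hash_hmac('sha256', $m[1], $key);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $m[2]) ? (int)$m[1] : null;
}

// Constructed in-memory rows standing in for tblstudent.
$students = [1 => 'Asha', 2 => 'Ben', 3 => 'Chen'];

$token = makeIdToken(2, TOKEN_KEY);
$id    = readIdToken($token, TOKEN_KEY);
echo "valid token -> ", $id === null ? 'rejected' : $students[$id], "\n";

// A bare md5 of the ID is not a valid token: there is no MAC to verify.
$id = readIdToken(md5('3'), TOKEN_KEY);
echo "md5('3')    -> ", $id === null ? 'rejected' : $students[$id], "\n";

// Changing the ID while keeping the old MAC fails verification.
$tampered = '3' . substr($token, 1);
$id = readIdToken($tampered, TOKEN_KEY);
echo "edited id   -> ", $id === null ? 'rejected' : $students[$id], "\n";
```

With a verified integer ID, studentview.php can query `where id = ?` through a prepared statement instead of computing md5(id) for every row. The token only makes the ID tamper-evident; whether the current user may view that record still has to be checked on the server.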

 
