 |  |
14.3. Obscuring Data with Encoding
14.3.1. Problem
You want to prevent data being viewable as plaintext. For example, you don't want hidden form data to be revealed simply by someone viewing the source code of a web page.
14.3.2. Solution
Encode the data with base64_encode( ):
$personal_data = array('code' => 5123, 'blood_type' => 'O');
$info = base64_encode(serialize($personal_data));
print '<input type="hidden" name="info" value="'.$info.'">';
<input type="hidden" name="info"
value="YToyOntzOjQ6ImNvZGUiO2k6NTEyMztzOjEwOiJibG9vZF90eXBlIjtzOjE6Ik8iO30=">Decode the data with base64_decode( ) :
$personal_data = unserialize(base64_decode($_REQUEST['info'])); get_transfusion($personal_data['blood_type']);
14.3.3. Discussion
The Base64 algorithm encodes data as a string of letters, numbers, and punctuation marks. This makes it ideal for transforming binary data into a plaintext form and also for obfuscating data.
14.3.4. See Also
Documentation on base64_encode( ) at http://www.php.net/base64-encode and base64_decode( ) at http://www.php.net/base64-decode; the Base64 algorithm is defined in RFC 2045, available at http://www.faqs.org/rfcs/rfc2045.html.
|  | |
| 14.2. Keeping Passwords Out of Your Site Files |  | 14.4. Verifying Data with Hashes |
Copyright © 2003 O'Reilly & Associates. All rights reserved.