I am developing a PHP application to manage orders for a company. To view an order the URL is currently /orders/view/3502.
I don't want the order ID number to appear in the URL, so I used CodeIgniter's encrypt library to encrypt the ID in the URL. The URL (after encryption) looks like /orders/view/AaffGdQQ.
The problem I am having is sometimes the encrypted ID contains a forward slash or a plus sign, which don't work correctly when in a URL. CodeIgniter reads the URL based on slashes, so, if the encrypted ID had a slash, it would read that as 2 variables, not one. Also, plus signs are interpreted as spaces in URLs.
So, my question is, how can I encrypt the ID and be sure that the string does not contain a plus sign or a slash?
EDIT: I had an idea to see if the encrypted ID contained a slash or plus sign, and if it did, encrypt it again. For some reason, every time the ID is encrypted, it's different, so this would work.
You can also base64_encode(). That will also make it a lot longer and appear "more secure". Also adds a layer of obfuscation.