I'm passing information from one page another with following php code..
Index.php page:
<?php
include("secure/content/database/db.php");
$sql = mysql_query("SELECT * FROM press");
while($re = mysql_fetch_array($sql))
{
$id= (int) $re['id'];
$key = "bladeyeshibbir?1%59";
$size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM)
$encrypted_data=mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $id, MCRYPT_MODE_ECB, $iv);
$id = urlencode(base64_encode($encrypted_data));
$page = mysql_real_escape_string(trim($re['pagename']));
$content = mysql_real_escape_string(trim($re['content']));
echo "<li><a href='press.php?id=$id&request=$md'>$page</a></li>";
}
?>
Press.php page
<?php
include("secure/content/database/db.php");
include("header.php");
$id = $_REQUEST["id"];
$key = "bladeyeshibbir?1%59#";
$size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM)
$decrypted_data=mcrypt_decrypt(MCRYPT_3DES, $key, $id, MCRYPT_MODE_CBC, $iv);
$url_id = base64_decode(urldecode($decrypted_data));
$request = $_REQUEST['request'];
$sql = mysql_query("SELECT * FROM press WHERE id='$url_id' ");
$re = mysql_fetch_array($sql);
$pagename = mysql_real_escape_string(trim($re['pagename']));
$content = mysql_real_escape_string(trim($re['content']));
echo "<title>$pagename</title>";
echo $content;
include("fotter.php");
?>
BUT I'm getting this error:
Warning: mcrypt_decrypt() [function.mcrypt-decrypt]: Attempt to use an empty IV, which is NOT recommend in C:\xampp\htdocs\audock\press.php on line 10.
Actually, what I want is that the user can't see the actual value of the query string variable.
Check out this post. You shouldn't use mcrypt_ecb with mcrypt_decrypt, you should use mcrypt_encrypt. Then, when encrypting with mcrypt_encrypt you'll need to create an Initialization Vector with mcrypt_create_iv (docs here) which you should afterwards use for decrypting as well.