No it will not be hidden, urlencode() just makes some alterations to what is passed through it, e.g. a space such as: if you go will be converted to if+you+go rather than if20%you20%gp which could cause a problem at the receiving end.
If you really want to truly hide the data you pass and then use it again on your server, then you will need to use an encryption method, not an encoding method. This is not easy
But I suspect what you want to do is to send out a link that uniquely identifies the recipient to your Web server without explaining how it does this to the observer (as opposed to, say, get.php?id=123 or something “guessable” like that.)
One easy way to do this is with the MD5 method. MD5 (message digest 5) is a one-way hash that can be used to sign a message. It virtually guarantees that a message has not been tampered with because (within reason) no two combinations of characters will yield the same MD5 digest. And if you throw in some known garbage string (often referred to as a “salt”) then you can subtract that from the result when calculating your match:
define('SALT','asdf845cj^');
$key = md5(SALT,$email);
$link_for_email = 'http://' . 'www.myserver.com/get.php?id=' . $key;
The result of this will be a 32-character alphanumeric code which cannot be reverse-engineered and which will be repeatable – given the same input, MD5 always returns the same output code. But you can’t apply any transform to an MD5 which will cause it to return the input, because the original data is not encoded in the output.
Back in your server, you could dig this out like so:
$sql = 'SELECT * FROM people WHERE MD5(CONCAT("' . SALT . '",email)) = "' . mysql_real_escape_string($_GET['id']) '"';
And you will know that the right person is being selected, while your public audience will not be able to tell how you know.
Walter
dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options