I have created a quiz app which emails the user the results. I want to include a link in the url that the user can click on and view a breakdown of their results. I want the url to look something like this:

http://www.mysite.com/quiz/view/32k4k2u4vxcv88xcv8cv0x98c9v7c7v8887cv

Obviously I can't just hash the id cos that is easy to reverse engineer. What is the next best, simplest way to do this, bearing in mind I have to execute an SQL query to compare the hash value?

+1  A: 

You could just assign each instance a GUID, which should be impossible to reverse-engineer (since it's not dependent on the record), and unique. What you've got there looks a bit like a GUID too (i.e. it looks random and is not readable).

Dominic Rodger
o ja obviously, silly me...
bananarepub
+1  A: 

You can use a SALT to get a more reverse-engineering-aware hash.

// Secret value, kept on the server only
define("SALT", "some random string .fsddf09asf9sd0-f9sd0-f9sd-0f9s0a-9f-");
// Value placed in the URL for this user
$hash = md5(SALT.$user_id);

Later, when the user tries to reach the url, first generate the hash again, with the SALT, and compare it with the hash provided in the url.

Keep in mind md5 is an already broken algo. Use one of the SHA hash algos.

Regards

astropanic
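
The two answers side by side, as an added example that is not part of either answer: a random per-row token looked up with a prepared statement (first answer), and a keyed HMAC-SHA256 over the id compared in constant time (a hardened form of the second answer's salted hash). The table `quiz_results`, the column `view_token`, the constant `LINK_KEY` and all function names are assumptions, and the demo data is constructed and needs the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed placeholder key (assumption); load the real one from server-side configuration.
const LINK_KEY = 'replace-with-32-random-bytes-from-config';

// Approach 1 (first answer): an unguessable random token stored with the row.
function newResultToken(): string
{
    return bin2hex(random_bytes(16)); // 128 bits from the OS CSPRNG, independent of the id
}

function findResultByToken(PDO $db, string $token): ?array
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return null; // reject malformed input before touching the database
    }
    $stmt = $db->prepare('SELECT id, score FROM quiz_results WHERE view_token = ?');
    $stmt->execute([$token]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Approach 2 (second answer, hardened): keyed HMAC-SHA256 instead of md5(SALT . id).
function signId(int $id): string
{
    return $id . '-' . hash_hmac('sha256', (string) $id, LINK_KEY);
}

function verifySignedId(string $value): ?int
{
    if (!preg_match('/\A(\d{1,9})-([0-9a-f]{64})\z/', $value, $m)) {
        return null;
    }
    $expected = hash_hmac('sha256', $m[1], LINK_KEY);
    return hash_equals($expected, $m[2]) ? (int) $m[1] : null; // constant-time compare
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quiz_results (id INTEGER PRIMARY KEY, score INTEGER, view_token TEXT UNIQUE)');
$token = newResultToken();
$db->prepare('INSERT INTO quiz_results (score, view_token) VALUES (?, ?)')->execute([87, $token]);

var_dump(findResultByToken($db, $token));                // lookup with the issued token
var_dump(findResultByToken($db, str_repeat('0', 32)));   // well-formed token that was never issued
var_dump(verifySignedId(signId(32)));                    // signed link for id 32
var_dump(verifySignedId('33-' . substr(signId(32), 3))); // id altered, signature left unchanged
```

With the random token the SQL lookup is the comparison itself; with the HMAC form the id is visible in the link but cannot be changed without the key.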