PHP : Form example which will encrypt query string (GET) (data hiding rather than security)
From my understanding of the link that you provided, you want to encrypt the GET variables, or at least obfuscate them.
The best and easiest way that this could be done is using base64_decode/encode.
For example to encode the string you would do something like:
$link = "http://www.example.com/?item=".urlencode(base64_encode("user-data"));
$link would look something like http://www.example.com/?item=rklgEwkelnf%3D%3D, but to translate the seemingly garbled (base64ed) text into something usable you would use:
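foreach ($_GET as $loc => $item) {
    // PHP has already URL-decoded $_GET; a second urldecode() would turn '+' into a space and corrupt the base64
    $_GET[$loc] = base64_decode($item);
}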
Then you can freely use the $_GET variable as you normally would.
The following solution is easy enough to implement and is strong enough unless you deal with very sensitive data such as credit card information or NASA algorithms...
When you send the parameter via GET, add a hash value along with it, for example:
$parameter = "abc"; //The parameter which you'll pass as a GET parameter
$salt = "cV0puOlx";
$hashed = md5($salt.$parameter);//A hash that you'll pass as well
header("Location: http://www.yourdomain.com?param=$parameter&hash=$hash");
Then when you read the parameters, check that the hash is a valid one:
$parameter = $_GET['param'];
$hash = $_GET['hash'];
$salt = "cV0puOlx";
$hashed = md5($salt.$parameter);
//now you check:
if ($hash === $hashed) {
    //everything's fine - continue processing
} else {
    // ERROR - the user tried to tamper with your parameter
    // show error-message and bail-out
}
The accepted answer here doesn't provide any real protection. You can just take the encoded parameters and put them into an online base64_decode and it shows the values as if you have just passed them directly!
The other answer uses $hash as a pass-through value, but that value hasn't been defined, only $hashed.
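A hardened form of the hash check from the second answer, added here as an example and not part of any answer on this page: it replaces md5($salt.$parameter) with an HMAC-SHA256 over all parameters and compares the tags with hash_equals(). The names SECRET_KEY, sign_query() and verify_query() and the key value are assumptions made for the illustration.

```php
<?php
// Added example, not code from the answers above.
// SECRET_KEY, sign_query() and verify_query() are hypothetical names.
// The key below is a constructed placeholder; load a real one from
// configuration kept outside the web root.
const SECRET_KEY = 'constructed-demo-key-change-me';

/** Build a query string carrying the parameters plus an HMAC-SHA256 tag. */
function sign_query(array $params, string $key = SECRET_KEY): string
{
    unset($params['sig']);
    ksort($params); // canonical order so signer and verifier hash the same bytes
    $payload = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    return $payload . '&sig=' . hash_hmac('sha256', $payload, $key);
}

/** Return the verified parameters, or null if the tag is missing or wrong. */
function verify_query(array $get, string $key = SECRET_KEY): ?array
{
    $sig = $get['sig'] ?? null;
    if (!is_string($sig)) {
        return null; // tag absent, or sent as sig[]=... so it arrives as an array
    }
    unset($get['sig']);
    ksort($get);
    $payload  = http_build_query($get, '', '&', PHP_QUERY_RFC3986);
    $expected = hash_hmac('sha256', $payload, $key);
    // hash_equals() compares in constant time, unlike === on strings
    return hash_equals($expected, $sig) ? $get : null;
}

// Constructed round trip; parse_str() stands in for PHP filling $_GET.
$query = sign_query(['item' => 'user-data', 'id' => '42']);
parse_str($query, $received);
echo verify_query($received) !== null ? "accepted\n" : "rejected\n";

// Same request with one value edited after signing.
$received['id'] = '43';
echo verify_query($received) !== null ? "accepted\n" : "rejected\n";
```

The tag covers every parameter, so changing, adding or removing one invalidates the link. It provides integrity only: the values remain readable in the URL, exactly as with the base64 approach.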