Home » How - To / Tutorial » Programming » Encoding Decoding Data Using PHP

Encoding Decoding Data Using PHP

Encoding is a process of converting data from one to another form.  Encoding data so that it cannot be easily read is one of the key tenets of security. A good secure system not only takes measure to prevent data from being exposed but also ensure that the damage is limited should the worst happen and the data is encoded. Even though there are method to encode data on the MySQL side. This article will covers Encoding and Decoding Data Using PHP.

Encoding-Decoding-PHP-300x201 Encoding Decoding Data Using PHP

Encoding / Decoding Methods Using PHP

There are two types of encoding methods are covered in this article :

  1. One Way Encode or Single Directional Encode, This method calculate values that you can then compare against known pre calculated value. One way encoding often used in user authentication (encoded password). An Example of one way encoding is MD5 hash.
  2. Bi Directional Encode, This method mainly consist of encode and decode. Bi-Directional Encode methods encode the data in such a way to make it possible to retrieve the original value as long as you know the key. This method often used when the data needed to be processed in plain string text form.

Both methods have their own benefits in Security.

Bi-Directional Encoding (Encoding and Decoding)

There are two types of Two Way encoding are available, one being a subset of the other:

  • The superset (referred to as encoding), The superset is the process of changing representation of data to another equivalent but different representation. There are many basic encoding methods including URL encoding, JSON encoding (Convert an object to JavaScript Object Notation), Serialization, base conversion in numbering system, and etc. Such methods provide reliable ways to use same data across multiple mediums for compatibility issue. These methods do not provide strong security.
  • One subset of encoding (referred to as encryption). Encryption methods encode the data in such unique way that it cannot be easily decoded without a security key that only encoder and decoder know. An example of this method is XOR Cipher.

The XOR Logic Cipher

XOR encoding is easy to do in PHP, eventhough PHP does not provide a single function to XOR logic encode data but it does provide the binary manipulation method which is needed to produce the encoded string. In XOR cipher, the application has a single shared key which used by encoder and decoder. The key can be any length. The longer keys are more secure. To perform encryption in PHP you need to create function. You can do it like this.

The data returned can be binary because it’s not suitable for screen display. However, Encoding the data using base64_encode() is still a better solution. Because of the nature of XOR logic, it’s possible to decode data using the same function used to encode it. XOR logic cipher is easy to implement.

Single Directional Encoding (One Way Encoding)

Unlike Bidirectional Encoding, This methods is more secure to store password. Because it’s nearly impossible to decode. Single Directional Encoding is often known as hashing because it produces a non-unique but reproducible output from the given input (real data). This methods is useful under two main circumtances such as:

  1. Storing a value which you don’t need to retrieved, but still you can use it’s hashed value to a process such as password login.
  2. Comparing it’s hashed value to check it’s validity.

The most known basic hashing is MD5 Hash. However, the basic hash method is not very secure. Maybe you can reconsider to use a more advanced hashing method like SHA-1.

PHP also provide a hashing function. So you can integrating it easily. The complete list of hashing function in PHP can be retrieved by using hash_algos(). Some of hashing functions are :

  • MD5 Hash, Should not be used for anything other than verifying data integrity.
  • SHA1,SHA256,SHA384 and SHA512, Stronger than MD5 hash and most  widely adopted.
  • CRC32 and CRC32b, CRC stands for cyclic redundancy check are useful for providing lightweight checks for data integrity.
  • And another alternative like whirpool, gost, adler32, and etc.

It’s important to take time to consider the right one you might use.

Leave a Reply

Your email address will not be published. Required fields are marked *

Name *
Email *