Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

king_eke's avatar

How to encrypt and decrypt

I'm trying to view some data in the database using route.. but in the url it shows it with the id of what i'm trying to view.. like jobs/client_job/1 which shows the details of the job with id of 1 so it makes it easy for a user to change the value and get info of another persons data..

this is what i tried

my route


Route::get('/view_job/{client_job}', ['uses' => 'ClientController@view_job', 'as' => 'client_view_job', 'middleware' => 'auth:clients']);

My controller and i've added the Facades


use Illuminate\Support\Facades\Crypt;

public function view_job(ClientJobModel $client_job){
        if(Auth::guard('developers')->check()){
            return redirect()->route('developer_dashboard');
        }

        return view('master.clients.jobs.view_job')->with('job', Crypt::decrypt($client_job));
    }

The view i'm coming from




<a href="{{ route('client_view_job', ['client_job' => Crypt::encrypt($job->id) ]) }}">View Details <i class="fa fa-fw fa-arrow-circle-right"></i></a>&nbsp&nbsp

The view i'm going to


@if ($job->email == Auth::guard('clients')->user()->email)
            <div class="panel panel-primary">                
                <div class="panel-heading" style="font-size: 20px;">                
                    Title: {{ $job->job_title }} 
                </div>
                <div class="panel-body clearfix">                   
                    {{ $job->job_description }}                                                   
                </div>
                <div class="panel-footer clearfix">
                    <div class="pull-left"> 
                        Created At: {{ date('M j, Y', strtotime($job->created_at))}}
                    </div>
                    <div class="pull-right">                                        
                        <a href="#">Edit <i class="fa fa-fw  fa-edit"></i></a>&nbsp&nbsp
                        <a href="#">Delete <i class="fa fa-fw  fa-times"></i></a>
                    </div> 
                </div>                          
            </div>
        @else
            <div class="panel panel-danger">                
                <div class="panel-heading" style="font-size: 20px;">                
                    Does Not Exist
                </div>
                <div class="panel-body clearfix"> 
                    Please <a href="{{ route('client_dashboard')}}">go back </a>
                    
                </div>                          
            </div>
        @endif

Pls help

0 likes
4 replies
Cronix's avatar

You won't be able to do that using route model binding, because laravel automatically retrieves the model with the passed in ID. If you pass an encrypted ID, it won't know that it needs to decrypt it to get the actual id so it can retrieve the model.

In the controller, $client_job is no longer the ID that you passed in the route. It is the retrieved record from the ClientJobModel model that has that ID.

Does $client_job have a user associated with it? If so, that's what I'd use in your controller to check whether that id matches the current logged in users id.

if ($client_job->user_id !== Auth::id())
{
   // reject. The logged in user does not own this job
}
king_eke's avatar

i already did how to prevent the user from seeing a post that isn't associated with his.. ok how about instead of passing the id i pass in the title of the post.. like the way this laracasts works.. you can see its the title that's showing after the /laravel/{{$post->title}}

but when i do that i get an error

this is how it shows in the url

http://localhost:8000/client_dashboard/view_job/I%20fucking%20did%20it%20man

but it gives this error

No query results for model [App\ClientJobModel].

Cronix's avatar
Cronix
8 years ago
Best Answer
Level 67

If you want to retrieve it by something other than ID, you have to tell it in your ClientJobModel model.

public function getRouteKeyName()
{
    return 'title';
}

You really should give the docs a thorough reading through. Just about all of your questions have the answers in there. See "Customizing the Key Name": https://laravel.com/docs/5.4/routing#route-model-binding

If you are going to do it that way, I'd suggest creating a new column in the table for a title_slug, and then use the str_slug($title) when saving the model. It will replace spaces with dashes so the url is clean and doesn't have that extra stuff in it.

Please or to participate in this conversation.