Sending an mcrypt-encrypted string via a URL parameter - decoded text is mangled
It happens that your encrypted text will end up looking something like:
Z5DlBqT8yEB4HKLkAlvfJoWaHgnNVLFh7jls6L85sLriedc82uFQxm+M62I41oB7
See that plus sign there? Plus signs in URLs get turned into spaces.
When manually converting that plus sign to a space and decrypting the result, the output is the corrupted junk that you've witnessed.
You should run both the IV and the encrypted text through rawurlencode
(not urlencode
) before sticking it into the link. This will properly encode the plus sign, which will preserve it through the process. You don't need to (and should not) urldecode
the string on the other side -- PHP will have done this for you.