I realize this may be a repeat of a question from '09 OLD LINK, but I wanted to see if there is a better way to do this now:
Ultimately I have the following URL:
www.site.com?ID=12345 (my IDs are much more complicated than this).
That being said, it is theoretically possible for somebody to simply change the URL and access another person's data (yes, I can also run authentication of ownership on the other side as well).
Ultimately, I want to hash the initial data, put it as the ID value - then on the server processing script (page that is linked to), reverse the hash and use the UID from that member.
Two choices - use PHP's encryption/decryption facilities to hide the actual UID. Or store a hashed version of the UID in the database alongside the normal UID.
You could run a query like
SELECT blah,blah
FROM table
WHERE MD5(id) = 'the query string value'
but that wouldn't allow for indexes to be used, so it'd be better to do
...
WHERE hashed_id = 'the query string value'
instead.
What you're attempting to do sounds like the wrong approach, unless you're just attempting to obfuscate things slightly (which seems somewhat pointless, if I'm being honest).
I'd be tempted to add an additional element to the URL - an authorisation key which would be randomly generated at the time the ID is generated and stored alongside the ID (presumably in a database), but wouldn't be generated based on the ID. (Something like md5(uniqid) would probably do the trick.)
As such, it simply wouldn't be possible for someone to guess the ID and the key.
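The second answer's random key, combined with the server-side ownership check the question mentions, as an added example that is not part of the original posts. The `records` table and the function names are hypothetical, the in-memory SQLite database is a constructed stand-in, and the key is taken from PHP's `random_bytes()` rather than `md5(uniqid)` because `uniqid()` is derived from the current time.

```php
<?php
declare(strict_types=1);

// Constructed in-memory store standing in for the real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, owner_id INTEGER, key_hash TEXT, body TEXT)');

// Create a record and return the query string to put in the link.
// The key comes from the CSPRNG, not from the ID, and only its hash is stored.
function issueLink(PDO $db, int $ownerId, string $body): string
{
    $key = bin2hex(random_bytes(16)); // 128-bit random key, 32 hex characters
    $stmt = $db->prepare('INSERT INTO records (owner_id, key_hash, body) VALUES (?, ?, ?)');
    $stmt->execute([$ownerId, hash('sha256', $key), $body]);
    return http_build_query(['ID' => (int) $db->lastInsertId(), 'key' => $key]);
}

// Return the record body, or null if the key or the owner does not match.
function fetchRecord(PDO $db, array $query, int $sessionUserId): ?string
{
    $id  = filter_var($query['ID'] ?? null, FILTER_VALIDATE_INT);
    $key = $query['key'] ?? '';
    if ($id === false || !is_string($key)) {
        return null; // malformed request
    }
    $stmt = $db->prepare('SELECT owner_id, key_hash, body FROM records WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown ID
    }
    // Constant-time comparison of the stored hash with the hash of the supplied key.
    if (!hash_equals($row['key_hash'], hash('sha256', $key))) {
        return null;
    }
    // Ownership check on the server side, independent of the key.
    return (int) $row['owner_id'] === $sessionUserId ? $row['body'] : null;
}

// Constructed sample requests.
parse_str(issueLink($db, 7, 'member 7 data'), $query);
var_dump(fetchRecord($db, $query, 7)); // issued link, owning user
var_dump(fetchRecord($db, ['ID' => $query['ID'], 'key' => str_repeat('0', 32)], 7)); // changed key
var_dump(fetchRecord($db, $query, 8)); // issued link, different logged-in user
```

The same `null` is returned for an unknown ID, a wrong key and a wrong owner, so a response does not reveal which IDs exist.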