Hashids is a small PHP library to generate YouTube-like ids from numbers. Use it when you don't want to expose your database numeric ids to users: https://hashids.org/php
Require this package, with Composer, in the root directory of your project.
composer require hashids/hashids
Then you can import the class into your application:
use Hashids\Hashids;
$hashids = new Hashids();
$hashids->encode(1);
Note: Hashids requires either the BC Math or GMP extension in order to work.
use Hashids\Hashids;
$hashids = new Hashids();
$id = $hashids->encode(1, 2, 3); // o2fXhV
$numbers = $hashids->decode($id); // [1, 2, 3]
use Hashids\Hashids;
$hashids = new Hashids();
$hashids->encode(1, 2, 3); // o2fXhV
$hashids->encode([1, 2, 3]); // o2fXhV
$hashids->encode('1', '2', '3'); // o2fXhV
$hashids->encode(['1', '2', '3']); // o2fXhV
Pass a project name to make your output ids unique:
use Hashids\Hashids;
$hashids = new Hashids('My Project');
$hashids->encode(1, 2, 3); // Z4UrtW
$hashids = new Hashids('My Other Project');
$hashids->encode(1, 2, 3); // gPUasb
Note that output ids are only padded to fit at least a certain length. It doesn't mean that they will be exactly that length.
use Hashids\Hashids;
$hashids = new Hashids(); // no padding
$hashids->encode(1); // jR
$hashids = new Hashids('', 10); // pad to length 10
$hashids->encode(1); // VolejRejNm
use Hashids\Hashids;
$hashids = new Hashids('', 0, 'abcdefghijklmnopqrstuvwxyz'); // all lowercase
$hashids->encode(1, 2, 3); // mdfphx
Useful if you want to encode Mongo's ObjectIds. Note that there is no limit on how large of a hex number you can pass (it does not have to be Mongo's ObjectId).
use Hashids\Hashids;
$hashids = new Hashids();
$id = $hashids->encodeHex('507f1f77bcf86cd799439011'); // y42LW46J9luq3Xq9XMly
$hex = $hashids->decodeHex($id); // 507f1f77bcf86cd799439011
-
When decoding, output is always an array of numbers (even if you encoded only one number):
use Hashids\Hashids; $hashids = new Hashids(); $id = $hashids->encode(1); $hashids->decode($id); // [1]
-
Encoding negative numbers is not supported.
-
If you pass bogus input to
encode()
, an empty string will be returned:use Hashids\Hashids; $hashids = new Hashids(); $id = $hashids->encode('123a'); $id === ''; // true
-
Do not use this library as a security measure. Do not encode sensitive data with it. Hashids is not an encryption library.
The primary purpose of Hashids is to obfuscate numeric ids. It's not meant or tested to be used as a security or compression tool. Having said that, this algorithm does try to make these ids random and unpredictable:
There is no pattern shown when encoding multiple identical numbers (3 shown in the following example):
use Hashids\Hashids;
$hashids = new Hashids();
$hashids->encode(5, 5, 5); // A6t1tQ
The same is true when encoding a series of numbers vs. encoding them separately:
use Hashids\Hashids;
$hashids = new Hashids();
$hashids->encode(1, 2, 3, 4, 5, 6, 7, 8, 9, 10); // wpfLh9iwsqt0uyCEFjHM
$hashids->encode(1); // jR
$hashids->encode(2); // k5
$hashids->encode(3); // l5
$hashids->encode(4); // mO
$hashids->encode(5); // nR
This code was written with the intent of placing the output ids in visible places, like the URL. Therefore, the algorithm tries to avoid generating most common English curse words by generating ids that never have the following letters next to each other:
c, f, h, i, s, t, u