Hashids is a small PHP library to generate YouTube-like ids from numbers. Use it when you don't want to expose your database numeric ids to users: https://hashids.org/php
Note
The creator of Hashids has released a new, upgraded version rebranded as Sqids. However, Hashids will continue to be maintained and available for future use. For more information, please visit the Sqids repository and learn how it compares to Hashids on the Sqids website.
Getting started
Require this package, with Composer, in the root directory of your project.
Then you can import the class into your application:
$hashids = new Hashids();
$hashids->encode(1);
Note Hashids require either
bcmathorgmpextension in order to work.
Quick Example
$hashids = new Hashids();
$id = $hashids->encode(1, 2, 3); // o2fXhV
$numbers = $hashids->decode($id); // [1, 2, 3]
More Options
A few more ways to pass input ids to the encode() function:
$hashids = new Hashids();
$hashids->encode(1, 2, 3); // o2fXhV
$hashids->encode([1, 2, 3]); // o2fXhV
$hashids->encode('1', '2', '3'); // o2fXhV
$hashids->encode(['1', '2', '3']); // o2fXhV
Making your output ids unique
Pass a project name to make your output ids unique:
$hashids = new Hashids('My Project');
$hashids->encode(1, 2, 3); // Z4UrtW
$hashids = new Hashids('My Other Project');
$hashids->encode(1, 2, 3); // gPUasb
Use padding to make your output ids longer
Note that output ids are only padded to fit at least a certain length. It doesn't mean that they will be exactly that length.
$hashids = new Hashids(); // no padding
$hashids->encode(1); // jR
$hashids = new Hashids('', 10); // pad to length 10
$hashids->encode(1); // VolejRejNm
Using a custom alphabet
$hashids = new Hashids('', 0, 'abcdefghijklmnopqrstuvwxyz'); // all lowercase
$hashids->encode(1, 2, 3); // mdfphx
Encode hex instead of numbers
Useful if you want to encode Mongo's ObjectIds. Note that there is no limit on how large of a hex number you can pass (it does not have to be Mongo's ObjectId).
$hashids = new Hashids();
$id = $hashids->encodeHex('507f1f77bcf86cd799439011'); // y42LW46J9luq3Xq9XMly
$hex = $hashids->decodeHex($id); // 507f1f77bcf86cd799439011
Pitfalls
-
When decoding, output is always an array of numbers (even if you encoded only one number):
use Hashids\Hashids;
$hashids = new Hashids();
$id = $hashids->encode(1);
$hashids->decode($id); // [1] -
Encoding negative numbers is not supported.
-
If you pass bogus input to
encode(), an empty string will be returned:use Hashids\Hashids;
$hashids = new Hashids();
$id = $hashids->encode('123a');
$id === ''; // true -
Do not use this library as a security measure. Do not encode sensitive data with it. Hashids is not an encryption library.
Randomness
The primary purpose of Hashids is to obfuscate numeric ids. It's not meant or tested to be used as a security or compression tool. Having said that, this algorithm does try to make these ids random and unpredictable:
There is no pattern shown when encoding multiple identical numbers (3 shown in the following example):
$hashids = new Hashids();
$hashids->encode(5, 5, 5); // A6t1tQ
The same is true when encoding a series of numbers vs. encoding them separately:
$hashids = new Hashids();
$hashids->encode(1, 2, 3, 4, 5, 6, 7, 8, 9, 10); // wpfLh9iwsqt0uyCEFjHM
$hashids->encode(1); // jR
$hashids->encode(2); // k5
$hashids->encode(3); // l5
$hashids->encode(4); // mO
$hashids->encode(5); // nR
Curse words! #$%@
This code was written with the intent of placing the output ids in visible places, like the URL. Therefore, the algorithm tries to avoid generating most common English curse words by generating ids that never have the following letters next to each other:
c, f, h, i, s, t, u