[eluser]shaffick[/eluser]
Instead of passing the ID in the URL, you could generate a hash (x characters) and add that to your products table in the db. (edit: each product or item in that table will have a unique hash btw)
And pass that hash in the URL. That might be more secure if you have to pass the reference id in the url.
cheers