using id in url / security issue

[eluser]danmontgomery[/eluser]
First, a database ID is not user data... As long as you're checking the current user against the page they're trying to view, it really doesn't matter.

You can hash the id:

index.php/profile/d389a39f4584dfd3f53cdc453db9a925.html

Code:

$user_id = $this->uri->segment(2);
$sql = "SELECT * FROM users WHERE MD5(CONCAT(first_name, id)) = '" . $user_id . '";

For example.