Good afternoon, my friend. Recently I had a similar dilemma. following your code example I solved using the cryptoLib class available at link
First we create the functions
require("path/to/cryptolib.php");
function tokenizer($id){
$token = CryptoLib::encryptData($id, "token");
return $token;
}
// Função simples para decodificar o token recebido após click no elemento
function decodeToken($token){
$decryptedString = CryptoLib::decryptData($token, "token");
return $decryptedString;
}
EXAMPLE: In your html the code can be applied as follows
<td>Dados1</td>
<td>Dados2</td>
<td><img src="e.png" onclick="editar(<? echo tokenizer($row["id"]) ?>)">
<img src="del.png"> onclick="excluir(<? echo tokenizer($row["id"]) ?>)">
</td>
</tr>
<tr>
<td>Dados3</td>
<td>Dados4</td>
<td>
<img src="e.png" onclick="editar(<? echo tokenizer($row["id"]) ?>)">
<img src="del.png"> onclick="excluir(<? echo tokenizer($row["id"]) ?>)">
</td>
</tr>
HTML OUTPUT: In your html rendered the source code will be similar to the example below:
<td>Dados1</td>
<td>Dados2</td>
<td><img src="e.png" onclick="editar("ctnbCH1FXdr41JYI9J82sXjGKbFvIUP3pshgL8KaZsYsEFqFco3NgimLy2xAj")">
<img src="del.png"> onclick="excluir("gimLy2xfUP3pshgL8KaZsYsEFqFco3NAjctnbCH1FXdr41JYI9J82sXjGKbFv")">
</td>
</tr>
<tr>
<td>Dados3</td>
<td>Dados4</td>
<td>
<img src="e.png" onclick="editar("IUPIUP3pshgL8KaZsYsEFqFco3NgimLy2xAj3pshgL8KaZsYsEFqFco3NgimLy2xAj")">
<img src="del.png"> onclick="excluir("8KaZsYsEFqFco3NgctnbCH1FXdr41JYI9J82sXjGKbFvIUP3pshgLimLy2xAj")">
</td>
</tr>
In your CRUD in PHP. Use the token validation function:
$ id = decodeToken ($ token);
The function returns the id to use in handling CRUD.
Conclusion:
When calling the function
tokenizer($row["id"]);
// O valor retornado para token
sXjGKbFvIUP3pshgLim8KaZsYsEFqFco3NgctnbCH1FXdr41JYI9J82Ly2xAj
When you receive the token, sent by javascript, it calls the
$id = decodeToken($token);
// se o valor do $row["id"] informado para a função tokenizer() for igual a "99".
// a função retornará o equivalente a:
$id = 99;
Advantages:
Each time the pages are rendered, the generated token for each $ row {"id"] is unique and random.
I hope this helps to heal your doubts.