In a post to his site Ben Sampson shows how to mask IDs in URLs using hashids in a Laravel-based application. Hashids converts values into strings that can then be decoded back to their original values.

By default a URL generated by a Laravel app will contain the ID of a model like this https://app.name/users/1 where 1 is the ID of the item. Often this is absolutely fine, but sometimes you might want to hide it (or obfuscate it). The two main use cases for this I've come across so far are: Security [and it looks] More professional.

He shows how to use this package to encode and decode ID values in your URLs. He also includes updates to the models, controllers and routing to use route model binding to handle the encode/decode process. He shows how to set up different salts for different data types, setting it on each model and how to correctly bind the functionality in the main route service provider.

On PHPMaster.com there's a recent tutorial from Martin Psinas about how you can add text to an image with the help of Imagick, the image editing software that's available to PHP via an extension.

In a previous article, Timothy Boronczyk wrote about how to create watermarks with Imagick using an overlay image. In this article, I’ll show you how to achieve a similar effect using plain text.

He takes a sample image (a headshot) and offers two versions of the same functionality - both the shell command (using "convert") and the PHP code that sets up the font to use, adds placement and pushes the result back out as a PNG. He also includes two other types of overlay - a font mask for a more see-through look and a tiled version, overlaying the text all over the image.

In a new post to his blog Nikita Popov talks about a little trick with inserting values into arrays that can make it take a lot longer than it should (because of how PHP stores its array values in hashtables).

PHP internally uses hashtables to store arrays. The above creates a hashtable with 100% collisions (i.e. all keys will have the same hash). [...] Because every hash function has collisions this C array doesn't actually store the value we want, but a linked list of possible values. [...] Normally there will be only a small number of collisions, so in most cases the linked list will only have one value. But the [included script] creates a hash where all elements collide.

He explains why it works, noting that it's relatively simple to do in PHP because of how it applies a table mask. The slowness comes in when PHP is forced to go through the entire list when it tries to insert. Because of this issue, there's the potential for a Denial of Service attack that could potentially take a server down. There's a fix already in place for the problem, though, so keep an eye out for the next release (that will include a max_input_vars setting to prevent it).