I am using the yii framework and have different user accounts. When I want to have a look at the view page of user 4 I have to enter an url like www.mydomain.com/user/4 for update I have www.mydomain.com/user/update/4.

Is there a way so that I can hide the user id from the url line?

How can I set a route like www.mydomain.com/user/username and www.mydomain.com/user/update/username? Do I have to modify the routes?

What if the username contains an @ symbols?

If each user has a unique username, you can describe a route that doesn't show their user id by putting this custom routing rule in config/main:

'urlManager' => array(
    'rules' => array(
        'user/<username:\S+>' => 'users/view',
    )
)

The \S+ should accept "@". Then pass that username to controllers/UsersController like so:

public function actionView($username) {...}

Instead of www.mydomain.com/user/update/username I would use www.mydomain.com/user/<username>/update and put this in the above urlManager rules array:

'user/<username:\S+>/update' => 'users/update',

and this in UsersController:

public function actionUpdate($username) {...}

You can also generate a unique, random number for each user before creation and route based on that number.

I think it's better to encrypt your id before passing it. And decrypt it when you reach there. There are many ways of generating such random/encrpted ids. For more security you should not give name like 'user', that you did. Try to modify that even. Hope you got the point...:)