Why do you want to use preg_replace for this? As you are going to be working with constant's so you dont need to use a regular expression for this.

You would be better using something like the string function s to split your input up into an array, replacing 1, 3, 5 in the array with @, $, z. As you could use the original array for decryption and the output array to show your encryption.

preg_replace('%(.).(.).(.)%', '@\2$\4z', $input)
This function should do what you want, however I would seriously consider the strength of the 'encryption' provided by this function.
This is also a 1 way encryption, as there is no way for preg_replace to store the variables from one pass to another pass. So while you can call on $1 or \1 in the replacement part of the function you cant call on those outside of the preg_replace. So you cant set a $_SESSION variable or anything else to store the original values for those parts. Unless you split up those parts before you pass it through this function...but then why not use str_replace to deal with your 'encryption'...

If you are after an easy encryption then use str_rot13 [uk3.php.net], as this is an easy 2 way 'encryption' that is of similar strength to what you are trying to achieve. Or if you want proper 2 way encryption then look through the mcrypt [uk3.php.net] library.

Is there any specific reason you are encrypting these strings to begin with? There may be a best solution based on what you are doing. A two-way encryption might not even be the best for what you want.

Here is want i want to achieve.

At some places, I have to pass the user id using get method and the url would look like

http://example.com/showprofile/?uid=user_id

so, anyone who knows the user_id of a person can access the profile details by just putting the user_id in the url. Some of the competitors have been using this method to pull out member's details.

I want to hide the user_id and instead use an encrypted str to represent user_id something as in Orkut.

I would also not want to make profile access restricted through login.

Pls suggest.

First I would have to suggest that you only allow full viewing of member details to people that you can restrict, through logging in. As otherwise you are going to be feeding all of the spam bots out there, and that doesnt help anyone.
You may well also find that unless the people have give you express permission to post there information on the internet that having there details available to anyone is a breach of privacy laws.

If you dont want to implement a login system then how about only showing the name (and other non contact information) of the person not all of there details on the showprofile page? At least that way there will be less privacy issues and competitors are getting less information about customers.