$_GET & $HTTP_GET_VARS return different results

Hi,

Hoping someone can help, I have a sql query which is passed to the
script via the url, this is like:-

&stmt=select%20*%20from%20table%20where%20(%20status!='Closed'%20.....

If I look at $_GET['stmt'], this gives:-
select * from tickets where ( status=''Closed'' ......
If I look at $HTTP_GET_VARS['stmt'], this gives:-
select * from tickets where ( status=\'Closed\' ......

To get the query back again I run through stripslashes(), however
obviously this will have no effect with the $_GET['stmt'] variable.

So to my question, why am I getting differing results? I believed that
the two variables were always the same. Why is the ' not being escaped
with a \?

I am running php 5.0.3 on apache

Would appreciate some enlightenment, as I am beginning to pull my hair
out. I only have this problem with sqlite queries, mySQL queries are
escaped correctly in $_GET['stmt'].

Thanks in advance

Chris
Jul 17 '05 #1
*** Chris Cox escribió/wrote (Thu, 03 Mar 2005 01:02:30 +0000):
> I have a sql query which is passed to the
> script via the url, this is like:-
>
> &stmt=select%20*%20from%20table%20where%20(%20status!='Closed'%20.....

So that the user can manually rewrite the URL to
"&stmt=DELETE%20FROM%0table"?

> If I look at $_GET['stmt'], this gives:-
> select * from tickets where ( status=''Closed'' ......
> If I look at $HTTP_GET_VARS['stmt'], this gives:-
> select * from tickets where ( status=\'Closed\' ......


Check this page: http://www.php.net/magic_quotes

If you cannot disable magic quotes for the whole server try to either
disable it for your script or detect it and unescape if necessary. Magic
quotes are evil.

Also, back up your database often, it'll get hacked pretty soon if you don't
change your design :)
--
-+ Álvaro G. Vicario - Burgos, Spain
+- http://www.demogracia.com (the humor website varnished for the outdoors)
++ Send your questions to the group, not to my mailbox
--
Jul 17 '05 #2
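
The two fixes the reply points at, as an added example that is not part of the original thread: undo magic-quotes escaping when it is active, and stop accepting SQL in the URL by allowlisting the comparison and binding the value. It assumes the PDO SQLite driver; the `match` and `status` URL parameters and the in-memory sample rows are constructed for illustration, while the `tickets` table and `status` column follow the post.

```php
<?php
// Added example, not code from the thread. The "match" and "status"
// request parameters are hypothetical; the sample rows are constructed.

// Undo magic-quotes escaping on one string. On PHP versions where magic
// quotes no longer exist, the value is returned unchanged.
function undo_magic_quotes($value)
{
    if (!function_exists('get_magic_quotes_gpc') || !@get_magic_quotes_gpc()) {
        return $value;
    }
    // magic_quotes_sybase escapes ' as '' instead of \'
    if (ini_get('magic_quotes_sybase')) {
        return str_replace("''", "'", $value);
    }
    return stripslashes($value);
}

// The URL selects one of two fixed comparisons and supplies a value.
// The SQL text never comes from the request; the value is bound.
function fetch_tickets(PDO $db, array $get)
{
    $operators = array('is' => '=', 'not' => '!=');
    $match  = isset($get['match']) ? $get['match'] : 'is';
    $status = isset($get['status']) ? $get['status'] : '';
    if (!is_string($match) || !is_string($status) || !isset($operators[$match])) {
        throw new InvalidArgumentException('bad filter parameters');
    }
    $sql  = 'SELECT id, status FROM tickets WHERE status ' . $operators[$match] . ' ?';
    $stmt = $db->prepare($sql);
    $stmt->execute(array(undo_magic_quotes($status)));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database standing in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tickets (id INTEGER PRIMARY KEY, status TEXT)");
$db->exec("INSERT INTO tickets (status) VALUES ('Open')");
$db->exec("INSERT INTO tickets (status) VALUES ('Closed')");
$db->exec("INSERT INTO tickets (status) VALUES ('Won''t fix')");

// Constructed request: ?match=not&status=Closed
print_r(fetch_tickets($db, array('match' => 'not', 'status' => 'Closed')));
// A value containing an apostrophe needs no escaping when it is bound.
print_r(fetch_tickets($db, array('match' => 'is', 'status' => "Won't fix")));
```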
