$_GET & $HTTP_GET_VARS return different results

Hi,

Hoping someone can help. I have an SQL query which is passed to the
script via the URL, like this:

&stmt=select%20*%20from%20table%20where%20(%20status!='Closed'%20.....

If I look at $_GET['stmt'], this gives:-
select * from tickets where ( status=''Closed'' ......
If I look at $HTTP_GET_VARS['stmt'], this gives:-
select * from tickets where ( status=\'Closed\' ......

To get the query back again I run it through stripslashes(); however,
obviously this will have no effect on the $_GET['stmt'] variable.

So to my question: why am I getting differing results? I believed that
the two variables were always the same. Why is the ' not being escaped
with a \?

I am running PHP 5.0.3 on Apache.

Would appreciate some enlightenment, as I am beginning to pull my hair
out. I only have this problem with SQLite queries; MySQL queries are
escaped correctly in $_GET['stmt'].

Thanks in advance

Chris
Jul 17 '05 #1
*** Chris Cox wrote (Thu, 03 Mar 2005 01:02:30 +0000):
> I have a sql query which is passed to the
> script via the url, this is like:-
>
> &stmt=select%20*%20from%20table%20where%20(%20status!='Closed'%20.....

So that the user can manually rewrite the URL to
"&stmt=DELETE%20FROM%0table"?

> If I look at $_GET['stmt'], this gives:-
> select * from tickets where ( status=''Closed'' ......
> If I look at $HTTP_GET_VARS['stmt'], this gives:-
> select * from tickets where ( status=\'Closed\' ......

Check this page: http://www.php.net/magic_quotes

If you cannot disable magic quotes for the whole server try to either
disable it for your script or detect it and unescape if necessary. Magic
quotes are evil.

Also, backup your database often, it'll get hacked pretty soon if you don't
change your design :)
--
-+ Álvaro G. Vicario - Burgos, Spain
+- http://www.demogracia.com (the humour website, varnished to withstand the weather)
++ Send your questions to the group, not to my mailbox
--
Jul 17 '05 #2
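One way to do what Álvaro suggests, as an added example that is not code from this thread: detect magic quotes and undo them so the script sees the literal input, then keep the SQL text fixed in the script and let only a data value travel in the URL. It assumes PDO with the SQLite driver (PHP 5.1 or later), a hypothetical `tickets` table with a `status` column, and a placeholder database path.

```php
<?php
// Added example, not from the original post. Assumes PDO_SQLITE (PHP 5.1+),
// a hypothetical "tickets" table with a "status" column and a placeholder
// database path. get_magic_quotes_gpc() exists in PHP 4 through 7.4.

// Recursively undo magic_quotes_gpc escaping so the script sees the user's
// literal input regardless of how php.ini is configured on this server.
function strip_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('strip_magic_quotes', $value);
    }
    return stripslashes($value);
}

if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET    = strip_magic_quotes($_GET);
    $_POST   = strip_magic_quotes($_POST);
    $_COOKIE = strip_magic_quotes($_COOKIE);
}

// The URL now carries only a value (?exclude=Closed), never SQL text.
// Checking it against a fixed list of known statuses removes any need to
// reason about quoting at all.
$allowed = array('Open', 'Pending', 'Closed');
$exclude = isset($_GET['exclude']) ? $_GET['exclude'] : 'Closed';
if (!in_array($exclude, $allowed, true)) {
    header('HTTP/1.0 400 Bad Request');
    exit('unknown status');
}

// The statement text is written in the script; the value is bound as a
// parameter, so the driver handles escaping and the query shape cannot change.
$db = new PDO('sqlite:/path/to/tickets.db');   // placeholder path
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $db->prepare('SELECT * FROM tickets WHERE status != :status');
$stmt->execute(array(':status' => $exclude));

foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
    echo htmlspecialchars($row['status'], ENT_QUOTES), "\n";
}
```

With this layout the magic-quotes difference between $_GET and $HTTP_GET_VARS no longer matters to the query, because no request data is ever concatenated into SQL.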
