On May 9, 7:45 pm, sheldonlg <sheldonlgwrote:
php_mysql_beginer911 wrote:
On May 9, 6:15 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
php_mysql_beginer911 wrote:
Hi .. hope someone will help
i am trying to figure it out why i cannot post string "union select"
every time i try to post data which content union and select ..
the page doesn't get posted and it shows error page not found on this
server
i googled and found some people use union and select to hack sites
(mysql injection)
i guess the server i am using has some kind of filter and if a post
string content "union select"
.. it simply doesn't post them and shows error .. (am i correct ???)
i don't know realy whats really wrong and even if it's possible that
server have some kind of filter how can i post everything (including
union select) without getting page not found error
please reply
thank to everyone
I have absolutely NO IDEA what you're talking about.
Do you have some PHP code showing this?
Did you ask your hosting company?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
i have allready asked my hosting company and hope to recieve reply in
1 or 2 days
but i really need to fix this as soon as possible ..
it's just a simple html form and filename is test.php
<?php
if(isset($_POST['submit'])){
echo $_POST['content'];
}
?>
<form method=post >
<textarea name=content cols=50 rows=100 ></textarea>
</textarea>
<input type=sumit value=submit name=submit >
</form>
the above code works fine until i post a string which contents words
"union select" ...
so i think the problem is with string which i am posting ...
i never had this kind of problem and was wondering is it possible that
server can have configuration where some special words are not allowed
in posting data.
hope someone knows the reason ...
thanks
Why are you "posting" an sql query? That is all done at the back end --
After the post to get to the php code. What you do is grab the
information and in the php server code -- after the post -- you build
the query.
i am not posting a sql query ....
i have a created a simple cms where user can update pages using php
form
... the problem is that whenever user tryto post a data which contents
"union select" in the string it doesnt get posted instead it shows
error on same page that the page was not found on this server ... it
doesn't matter where those 2 words are in the whole posted data .....
i am guessing posted data is being filtered ..
but than how can i make a cms where i can allow user to update pages
through php form
i cannot tell user that they there data should not content those 2
words...
i tried posting same data with those 2 words on other server and it
worked fine..
but on my current server it doesn't get posted if string content those
2 words ..
anyone knows anything please reply
thanks