By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,853 Members | 1,046 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,853 IT Pros & Developers. It's quick & easy.

Cannot post string "union select" php form

P: n/a
Hi .. hope someone will help
i am trying to figure it out why i cannot post string "union select"
every time i try to post data which content union and select ..
the page doesn't get posted and it shows error page not found on this
server
i googled and found some people use union and select to hack sites
(mysql injection)
i guess the server i am using has some kind of filter and if a post
string content "union select"
... it simply doesn't post them and shows error .. (am i correct ???)
i don't know realy whats really wrong and even if it's possible that
server have some kind of filter how can i post everything (including
union select) without getting page not found error
please reply
thank to everyone
Jun 2 '08 #1
Share this Question
Share on Google+
7 Replies


P: n/a
php_mysql_beginer911 wrote:
Hi .. hope someone will help
i am trying to figure it out why i cannot post string "union select"
every time i try to post data which content union and select ..
the page doesn't get posted and it shows error page not found on this
server
i googled and found some people use union and select to hack sites
(mysql injection)
i guess the server i am using has some kind of filter and if a post
string content "union select"
.. it simply doesn't post them and shows error .. (am i correct ???)
i don't know realy whats really wrong and even if it's possible that
server have some kind of filter how can i post everything (including
union select) without getting page not found error
please reply
thank to everyone
I have absolutely NO IDEA what you're talking about.

Do you have some PHP code showing this?

Did you ask your hosting company?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jun 2 '08 #2

P: n/a
On May 9, 6:15 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
php_mysql_beginer911 wrote:
Hi .. hope someone will help
i am trying to figure it out why i cannot post string "union select"
every time i try to post data which content union and select ..
the page doesn't get posted and it shows error page not found on this
server
i googled and found some people use union and select to hack sites
(mysql injection)
i guess the server i am using has some kind of filter and if a post
string content "union select"
.. it simply doesn't post them and shows error .. (am i correct ???)
i don't know realy whats really wrong and even if it's possible that
server have some kind of filter how can i post everything (including
union select) without getting page not found error
please reply
thank to everyone

I have absolutely NO IDEA what you're talking about.

Do you have some PHP code showing this?

Did you ask your hosting company?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
i have allready asked my hosting company and hope to recieve reply in
1 or 2 days
but i really need to fix this as soon as possible ..
it's just a simple html form and filename is test.php
<?php
if(isset($_POST['submit'])){
echo $_POST['content'];
}
?>
<form method=post >
<textarea name=content cols=50 rows=100 ></textarea>
</textarea>
<input type=sumit value=submit name=submit >
</form>
the above code works fine until i post a string which contents words
"union select" ...
so i think the problem is with string which i am posting ...
i never had this kind of problem and was wondering is it possible that
server can have configuration where some special words are not allowed
in posting data.
hope someone knows the reason ...
thanks
Jun 2 '08 #3

P: n/a
php_mysql_beginer911 wrote:
On May 9, 6:15 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>php_mysql_beginer911 wrote:
>>Hi .. hope someone will help
i am trying to figure it out why i cannot post string "union select"
every time i try to post data which content union and select ..
the page doesn't get posted and it shows error page not found on this
server
i googled and found some people use union and select to hack sites
(mysql injection)
i guess the server i am using has some kind of filter and if a post
string content "union select"
.. it simply doesn't post them and shows error .. (am i correct ???)
i don't know realy whats really wrong and even if it's possible that
server have some kind of filter how can i post everything (including
union select) without getting page not found error
please reply
thank to everyone
I have absolutely NO IDEA what you're talking about.

Do you have some PHP code showing this?

Did you ask your hosting company?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================

i have allready asked my hosting company and hope to recieve reply in
1 or 2 days
but i really need to fix this as soon as possible ..
it's just a simple html form and filename is test.php
<?php
if(isset($_POST['submit'])){
echo $_POST['content'];
}
?>
<form method=post >
<textarea name=content cols=50 rows=100 ></textarea>
</textarea>
<input type=sumit value=submit name=submit >
</form>
the above code works fine until i post a string which contents words
"union select" ...
so i think the problem is with string which i am posting ...
i never had this kind of problem and was wondering is it possible that
server can have configuration where some special words are not allowed
in posting data.
hope someone knows the reason ...
thanks
Why are you "posting" an sql query? That is all done at the back end --
After the post to get to the php code. What you do is grab the
information and in the php server code -- after the post -- you build
the query.
Jun 2 '08 #4

P: n/a
On May 9, 7:45 pm, sheldonlg <sheldonlgwrote:
php_mysql_beginer911 wrote:
On May 9, 6:15 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
php_mysql_beginer911 wrote:
Hi .. hope someone will help
i am trying to figure it out why i cannot post string "union select"
every time i try to post data which content union and select ..
the page doesn't get posted and it shows error page not found on this
server
i googled and found some people use union and select to hack sites
(mysql injection)
i guess the server i am using has some kind of filter and if a post
string content "union select"
.. it simply doesn't post them and shows error .. (am i correct ???)
i don't know realy whats really wrong and even if it's possible that
server have some kind of filter how can i post everything (including
union select) without getting page not found error
please reply
thank to everyone
I have absolutely NO IDEA what you're talking about.
Do you have some PHP code showing this?
Did you ask your hosting company?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
i have allready asked my hosting company and hope to recieve reply in
1 or 2 days
but i really need to fix this as soon as possible ..
it's just a simple html form and filename is test.php
<?php
if(isset($_POST['submit'])){
echo $_POST['content'];
}
?>
<form method=post >
<textarea name=content cols=50 rows=100 ></textarea>
</textarea>
<input type=sumit value=submit name=submit >
</form>
the above code works fine until i post a string which contents words
"union select" ...
so i think the problem is with string which i am posting ...
i never had this kind of problem and was wondering is it possible that
server can have configuration where some special words are not allowed
in posting data.
hope someone knows the reason ...
thanks

Why are you "posting" an sql query? That is all done at the back end --
After the post to get to the php code. What you do is grab the
information and in the php server code -- after the post -- you build
the query.
i am not posting a sql query ....
i have a created a simple cms where user can update pages using php
form
... the problem is that whenever user tryto post a data which contents
"union select" in the string it doesnt get posted instead it shows
error on same page that the page was not found on this server ... it
doesn't matter where those 2 words are in the whole posted data .....
i am guessing posted data is being filtered ..
but than how can i make a cms where i can allow user to update pages
through php form
i cannot tell user that they there data should not content those 2
words...
i tried posting same data with those 2 words on other server and it
worked fine..
but on my current server it doesn't get posted if string content those
2 words ..
anyone knows anything please reply
thanks
Jun 2 '08 #5

P: n/a
php_mysql_beginer911 wrote:
On May 9, 7:45 pm, sheldonlg <sheldonlgwrote:
>php_mysql_beginer911 wrote:
>>On May 9, 6:15 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
php_mysql_beginer911 wrote:
Hi .. hope someone will help
i am trying to figure it out why i cannot post string "union select"
every time i try to post data which content union and select ..
the page doesn't get posted and it shows error page not found on this
server
i googled and found some people use union and select to hack sites
(mysql injection)
i guess the server i am using has some kind of filter and if a post
string content "union select"
.. it simply doesn't post them and shows error .. (am i correct ???)
i don't know realy whats really wrong and even if it's possible that
server have some kind of filter how can i post everything (including
union select) without getting page not found error
please reply
thank to everyone
I have absolutely NO IDEA what you're talking about.
Do you have some PHP code showing this?
Did you ask your hosting company?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
i have allready asked my hosting company and hope to recieve reply in
1 or 2 days
but i really need to fix this as soon as possible ..
it's just a simple html form and filename is test.php
<?php
if(isset($_POST['submit'])){
echo $_POST['content'];
}
?>
<form method=post >
<textarea name=content cols=50 rows=100 ></textarea>
</textarea>
<input type=sumit value=submit name=submit >
</form>
the above code works fine until i post a string which contents words
"union select" ...
so i think the problem is with string which i am posting ...
i never had this kind of problem and was wondering is it possible that
server can have configuration where some special words are not allowed
in posting data.
hope someone knows the reason ...
thanks
Why are you "posting" an sql query? That is all done at the back end --
After the post to get to the php code. What you do is grab the
information and in the php server code -- after the post -- you build
the query.

i am not posting a sql query ....
i have a created a simple cms where user can update pages using php
form
.. the problem is that whenever user tryto post a data which contents
"union select" in the string it doesnt get posted instead it shows
error on same page that the page was not found on this server ... it
doesn't matter where those 2 words are in the whole posted data .....
i am guessing posted data is being filtered ..
but than how can i make a cms where i can allow user to update pages
through php form
i cannot tell user that they there data should not content those 2
words...
i tried posting same data with those 2 words on other server and it
worked fine..
but on my current server it doesn't get posted if string content those
2 words ..
anyone knows anything please reply
thanks
Sorry, misunderstood what you were saying.
Jun 2 '08 #6

P: n/a
php_mysql_beginer911 wrote:
On May 9, 6:15 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>php_mysql_beginer911 wrote:
>>Hi .. hope someone will help
i am trying to figure it out why i cannot post string "union select"
every time i try to post data which content union and select ..
the page doesn't get posted and it shows error page not found on this
server
i googled and found some people use union and select to hack sites
(mysql injection)
i guess the server i am using has some kind of filter and if a post
string content "union select"
.. it simply doesn't post them and shows error .. (am i correct ???)
i don't know realy whats really wrong and even if it's possible that
server have some kind of filter how can i post everything (including
union select) without getting page not found error
please reply
thank to everyone
I have absolutely NO IDEA what you're talking about.

Do you have some PHP code showing this?

Did you ask your hosting company?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================

i have allready asked my hosting company and hope to recieve reply in
1 or 2 days
but i really need to fix this as soon as possible ..
it's just a simple html form and filename is test.php
<?php
if(isset($_POST['submit'])){
echo $_POST['content'];
}
?>
<form method=post >
<textarea name=content cols=50 rows=100 ></textarea>
</textarea>
<input type=sumit value=submit name=submit >
</form>
the above code works fine until i post a string which contents words
"union select" ...
so i think the problem is with string which i am posting ...
i never had this kind of problem and was wondering is it possible that
server can have configuration where some special words are not allowed
in posting data.
hope someone knows the reason ...
thanks
OK, I *think* I understand now.

I doubt very much it's your hosting company. They don't look at the
data. Much more probably the data is being parsed by your CMS.

You say you're "building a cms" - are you actually writing the code
yourself, or did you get something to start with off of the web (or
somewhere else)?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jun 2 '08 #7

P: n/a
On May 10, 7:42 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
php_mysql_beginer911 wrote:
On May 9, 6:15 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
php_mysql_beginer911 wrote:
Hi .. hope someone will help
i am trying to figure it out why i cannot post string "union select"
every time i try to post data which content union and select ..
the page doesn't get posted and it shows error page not found on this
server
i googled and found some people use union and select to hack sites
(mysql injection)
i guess the server i am using has some kind of filter and if a post
string content "union select"
.. it simply doesn't post them and shows error .. (am i correct ???)
i don't know realy whats really wrong and even if it's possible that
server have some kind of filter how can i post everything (including
union select) without getting page not found error
please reply
thank to everyone
I have absolutely NO IDEA what you're talking about.
Do you have some PHP code showing this?
Did you ask your hosting company?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
i have allready asked my hosting company and hope to recieve reply in
1 or 2 days
but i really need to fix this as soon as possible ..
it's just a simple html form and filename is test.php
<?php
if(isset($_POST['submit'])){
echo $_POST['content'];
}
?>
<form method=post >
<textarea name=content cols=50 rows=100 ></textarea>
</textarea>
<input type=sumit value=submit name=submit >
</form>
the above code works fine until i post a string which contents words
"union select" ...
so i think the problem is with string which i am posting ...
i never had this kind of problem and was wondering is it possible that
server can have configuration where some special words are not allowed
in posting data.
hope someone knows the reason ...
thanks

OK, I *think* I understand now.

I doubt very much it's your hosting company. They don't look at the
data. Much more probably the data is being parsed by your CMS.

You say you're "building a cms" - are you actually writing the code
yourself, or did you get something to start with off of the web (or
somewhere else)?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
Thanks everyone for reply..
the problem was from hosting company ..
i guess they were parsing the posted data...
thanks again for your replies

Jun 2 '08 #8

This discussion thread is closed

Replies have been disabled for this discussion.