Posted by Ramon on 02/05/07 19:07
Hi all,
 I've written a PHP script, called test.php, consisting of the following
 statements:
 
 <?php
 error_reporting(E_ALL);
 $query = $_GET['sql'];
 echo $query;
 ?>
 Using the script with 'small' values for the parameter sql works fine.
 However, using the script with the SQL query specified below
 
 http://localhost/test.php?sql="SELECT orders_id, customers_id,
 customers_name, customers_company, customers_street_address,
 customers_suburb, customers_city, customers_postcode, customers_state,
 customers_country, customers_telephone, customers_email_address,
 customers_address_format_id, delivery_name, delivery_company,
 delivery_street_address, delivery_suburb, delivery_city, delivery_postcode,
 delivery_state, delivery_country, delivery_address_format_id, billing_name,
 billing_company, billing_street_address, billing_suburb, billing_city,
 billing_postcode, billing_state, billing_country, billing_address_format_id,
 payment_method, cc_type, cc_owner, cc_number, cc_expires, last_modified,
 date_purchased, orders_status, orders_date_finished, currency,
 currency_value FROM orders where ((date_purchased >= 18991230 and
 last_modified is null) or last_modified >= 18991230 ) and orders_status in
 (1,2,3) and ((date_purchased <= 20071201203454 and last_modified is null) or
 last_modified <= 20071201203454 )  and  orders_id = 2 order by
 date_purchased"
 
 results in the following:
 
 \"SELECT orders_id, customers_id, customers_name, customers_company,
 customers_street_address, customers_suburb, customers_city,
 customers_postcode, customers_state, customers_country, customers_telephone,
 customers_email_address, customers_address_format_id, delivery_name,
 delivery_company, delivery_street_address, delivery_suburb, delivery_city,
 delivery_postcode, delivery_state, delivery_country,
 delivery_address_format_id, billing_name, billing_company,
 billing_street_address, billing_suburb, billing_city, billing_postcode,
 billing_state, billing_country, billing_address_format_id, payment_method,
 cc_type, cc_owner, cc_number, cc_expires, last_modified, date_purchased,
 orders_status, orders_date_finished, currency, currency_value FROM orders
 where ((date_purchased >= 18991230 and last_modified is null) or
 last_modified >= 18991230 ) and orders_status in (1,2,3) and%2ΓnΓ
 
 I do not understand why the value of the sql parameter is truncated. Any
 help is appreciated!!
 
 Thanks in advance!