Posted by Jerry Stuckle on 02/05/07 23:13
Rik wrote:
> Ramon <info@kwekerijschiffelers.nl> wrote:
>
>> The length of the string is +/= 1200 characters. The maximum for IE is
>> 2048, and for other browsers even longer...
>>
>
> Hmmz, you're right. I've tested it, and here it works perfectly.
> rawurlencoded yields about 1270 characters, and I can get them back
> nicely without any trouble, the full string.
>
> Seems a configuration issue of either PHP, browser or webserver to me,
> but I'm not going to find out: it still seems very silly to me to try
> this in a GET.
> --Rik Wasmus
Yep, in addition, it's very insecure. I could just put in my browser
window:
http://www.example.com?sql=delete%20from%20orders
You shouldn't even attempt to put a sql statement in the $_GET or $_POST
string. Rather, put only the values you need for the query.
Or save the query in the $_SESSION.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
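
Added example, not part of the original post or thread: the "send only the values" advice above, using a fixed server-side statement with bound parameters. The `orders` schema, the `customer` and `status` parameter names, and the `findOrders` helper are assumptions made for illustration, and the sample rows and requests are constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (assumed schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, status TEXT)');
$pdo->exec("INSERT INTO orders (customer, status) VALUES
    ('alice', 'open'), ('bob', 'shipped'), ('alice', 'shipped')");

// Insecure pattern from the thread: the client supplies the whole statement
// (?sql=delete%20from%20orders) and the server would run it unchanged:
//   $pdo->exec($_GET['sql']);

// Safer: the statement text lives only on the server; the request carries values.
function findOrders(PDO $pdo, array $query): array
{
    // Allow-list the value that has a small, known set of legal inputs.
    $status = $query['status'] ?? '';
    if (!is_string($status) || !in_array($status, ['open', 'shipped'], true)) {
        throw new InvalidArgumentException('unknown status');
    }
    // Request parameters can arrive as arrays (?customer[]=x), so check the type.
    $customer = $query['customer'] ?? '';
    if (!is_string($customer) || $customer === '' || strlen($customer) > 64) {
        throw new InvalidArgumentException('bad customer');
    }
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT id, customer, status FROM orders
                           WHERE customer = :customer AND status = :status ORDER BY id');
    $stmt->execute([':customer' => $customer, ':status' => $status]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Simulated requests (constructed); a real page would pass $_GET instead.
$requests = [
    ['customer' => 'alice', 'status' => 'shipped'],
    ['customer' => "alice'; DELETE FROM orders; --", 'status' => 'open'],
    ['sql' => 'delete from orders'],
];
foreach ($requests as $req) {
    try {
        echo json_encode(findOrders($pdo, $req)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
echo 'rows left: ', $pdo->query('SELECT COUNT(*) FROM orders')->fetchColumn(), "\n";
```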