Re: _GET['name'] truncates

Posted by Jerry Stuckle on 02/05/07 23:13

Rik wrote:
> Ramon <info@kwekerijschiffelers.nl> wrote:
>
>> The length of the string is +/= 1200 characters. The maximum for IE is 2048,
>> and for other browsers even longer...
>>
>
> Hmmz, you're right. I've tested it, and here it works perfectly.
> rawurlencoded yields about 1270 characters, and I can get them back
> nicely without any trouble, the full string.
>
> Seems a configuration issue of either PHP, browser or webserver to me,
> but I'm not going to find out: it still seems very silly to me to try
> this in a GET.
> --Rik Wasmus

Yep, in addition, it's very insecure. I could just put in my browser
window

http://www.example.com?sql=delete%20from%20orders

You shouldn't even attempt to put an SQL statement in the $_GET or $_POST
string. Rather, put only the values you need for the query.

Or save the query in the $_SESSION.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
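
An added example, not part of the original post, of the advice to send only the values the query needs: the SQL text stays fixed on the server and the request contributes a single validated, bound parameter. The `orders` columns, the `customer_id` parameter name and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample data (assumed schema) in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, item TEXT)');
$pdo->exec("INSERT INTO orders (customer_id, item) VALUES (7, 'tulips'), (7, 'roses'), (9, 'ferns')");

/**
 * The statement is written here, on the server; the request supplies one value.
 * Returns the matching rows, or null when customer_id is missing, an array,
 * or anything other than a positive integer.
 */
function ordersForCustomer(PDO $pdo, array $query): ?array
{
    $id = filter_var(
        $query['customer_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return null; // reject rather than try to repair the input
    }

    // The value is bound as an integer parameter, never concatenated into the SQL.
    $stmt = $pdo->prepare('SELECT id, item FROM orders WHERE customer_id = :cid ORDER BY id');
    $stmt->bindValue(':cid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_GET: a normal request, the post's ?sql=... URL,
// and a value with SQL appended to it.
$requests = [
    ['customer_id' => '7'],
    ['sql' => 'delete from orders'],
    ['customer_id' => '7; delete from orders'],
];

foreach ($requests as $get) {
    $rows = ordersForCustomer($pdo, $get);
    $outcome = ($rows === null) ? 'rejected' : (count($rows) . ' row(s)');
    echo json_encode($get), ' => ', $outcome, "\n";
}

// The table is unchanged because no request text was ever executed as SQL.
echo 'orders still in table: ', $pdo->query('SELECT COUNT(*) FROM orders')->fetchColumn(), "\n";
```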

 
