Posted by Alvaro G Vicario on 08/24/05 14:57

*** Doug Johnston wrote/escribió (Wed, 24 Aug 2005 11:24:17 GMT):
> http://www.megamotza.com/cst_hsql.php?firstlogin=Y&abc=sysman&sql=select%20*%20from%20sysuser%20where%20companies%20LIKE'%0002%'%20AND%20usrflag%20='U'&tblname=curSysuser
>
> ...the problem is the LIKE '%0002%'. If I remove the %'s from each side
> of the value, no error.

Don't even solve it. If anyone can send custom queries to your database,
anyone can break your site. And they will.

Apart from that, there's only a small subset of chars that are valid in an
URL. You can get the appropriate conversion with rawurlencode(); decoding
is automatic.



--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--

• Next in forum: Re: coding for verisign
• Prev in forum: Re: Error 500 - Internal Server Error
• Thread view: Re: Error 500 - Internal Server Error

[Reply to this message]