Reply to Re: Error 500 - Internal Server Error — PHP Programming Language

Posted by Philip Ronan on 08/24/05 14:48

"Doug Johnston" wrote:

> Hi,
>
> I am trying to pass the following and it keeps giving the same error...
>
> http://www.megamotza.com/cst_hsql.php?firstlogin=Y&abc=sysman&sql=select%20*%2
> 0from%20sysuser%20where%20companies%20LIKE'%0002%'%20AND%20usrflag%20='U'&tbln
> ame=curSysuser
>
> ...the problem is the LIKE '%0002%'. If I remove the %'s from each side
> of the value, no error.
>
> Anyone got any ideas
>
> Regards
> Doug Johnston

You should have URLencoded the percent characters:

<http://www.megamotza.com/cst_hsql.php?firstlogin=Y&abc=sysman&sql=select%20
*%20from%20sysuser%20where%20companies%20LIKE'%350002%35'%20AND%20usrflag%20
='U'&tblname=curSysuser>

But I have to say that running SQL requests directly from unvalidated HTTP
requests is really stupid and irresponsible. Publishing the URL of this
insecure database is really asking for trouble. Fix it now before someone
f**ks up your database.

--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация