Reply to Re: Error 500 - Internal Server Error — PHP Programming Language

Posted by Alvaro G Vicario on 08/24/05 14:57

*** Doug Johnston wrote/escribió (Wed, 24 Aug 2005 11:24:17 GMT):
> http://www.megamotza.com/cst_hsql.php?firstlogin=Y&abc=sysman&sql=select%20*%20from%20sysuser%20where%20companies%20LIKE'%0002%'%20AND%20usrflag%20='U'&tblname=curSysuser
>
> ...the problem is the LIKE '%0002%'. If I remove the %'s from each side
> of the value, no error.

Don't even solve it. If anyone can send custom queries to your database,
anyone can break your site. And they will.

Apart from that, there's only a small subset of chars that are valid in an
URL. You can get the appropriate conversion with rawurlencode(); decoding
is automatic.

--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация