Reply to Re: Error 500 - Internal Server Error — PHP Programming Language

Posted by Jerry Stuckle on 08/24/05 16:13

Doug Johnston wrote:
> Hi,
>
> I am trying to pass the following and it keeps giving the same error...
>
> http://www.megamotza.com/cst_hsql.php?firstlogin=Y&abc=sysman&sql=select%20*%20from%20sysuser%20where%20companies%20LIKE'%0002%'%20AND%20usrflag%20='U'&tblname=curSysuser
>
>
> ...the problem is the LIKE '%0002%'. If I remove the %'s from each side
> of the value, no error.
>
> Anyone got any ideas
>
> Regards
> Doug Johnston

Maybe pass it through urlencode() first?

Or, better yet - DON'T PASS THE SQL IN THE REQUEST!, i.e.

http://www.megamotza.com/cst_hsql.php?firstlogin=Y&abc=sysman&sql=delect%20from%20sysuser.curSysuser

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация