Re: Cannot post string "union select" php form
- From: php_mysql_beginer911 <deepakgc@xxxxxxxxx>
- Date: Tue, 20 May 2008 06:58:42 -0700 (PDT)
On May 10, 7:42 pm, Jerry Stuckle <jstuck...@xxxxxxxxxxxxx> wrote:
php_mysql_beginer911 wrote:
On May 9, 6:15 pm, Jerry Stuckle <jstuck...@xxxxxxxxxxxxx> wrote:
php_mysql_beginer911 wrote:
Hi .. hope someone will helpI have absolutely NO IDEA what you're talking about.
i am trying to figure it out why i cannot post string "union select"
every time i try to post data which content union and select ..
the page doesn't get posted and it shows error page not found on this
server
i googled and found some people use union and select to hack sites
(mysql injection)
i guess the server i am using has some kind of filter and if a post
string content "union select"
.. it simply doesn't post them and shows error .. (am i correct ???)
i don't know realy whats really wrong and even if it's possible that
server have some kind of filter how can i post everything (including
union select) without getting page not found error
please reply
thank to everyone
Do you have some PHP code showing this?
Did you ask your hosting company?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@xxxxxxxxxxxxx
==================
i have allready asked my hosting company and hope to recieve reply in
1 or 2 days
but i really need to fix this as soon as possible ..
it's just a simple html form and filename is test.php
<?php
if(isset($_POST['submit'])){
echo $_POST['content'];
}
?>
<form method=post >
<textarea name=content cols=50 rows=100 ></textarea>
</textarea>
<input type=sumit value=submit name=submit >
</form>
the above code works fine until i post a string which contents words
"union select" ...
so i think the problem is with string which i am posting ...
i never had this kind of problem and was wondering is it possible that
server can have configuration where some special words are not allowed
in posting data.
hope someone knows the reason ...
thanks
OK, I *think* I understand now.
I doubt very much it's your hosting company. They don't look at the
data. Much more probably the data is being parsed by your CMS.
You say you're "building a cms" - are you actually writing the code
yourself, or did you get something to start with off of the web (or
somewhere else)?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@xxxxxxxxxxxxx
==================
Thanks everyone for reply..
the problem was from hosting company ..
i guess they were parsing the posted data...
thanks again for your replies
.
- References:
- Cannot post string "union select" php form
- From: php_mysql_beginer911
- Re: Cannot post string "union select" php form
- From: Jerry Stuckle
- Re: Cannot post string "union select" php form
- From: php_mysql_beginer911
- Re: Cannot post string "union select" php form
- From: Jerry Stuckle
- Cannot post string "union select" php form
- Prev by Date: Re: php readfile() function - how to implement on smarty web page
- Next by Date: Re: CSV to associative array
- Previous by thread: Re: Cannot post string "union select" php form
- Next by thread: Can someone show me a list of swear words
- Index(es):
Relevant Pages
|
