
php query string

Posted: Fri Jul 24, 2009 4:48 am
by goldensparrow
Hi everyone, I have a question to ask you. I found a website that puzzles me. That website has a URL like this:

Code:

http://xxx.xxx.xxx/answer_view.php?head=4
and I added a single quote to the URL like this:

Code:

http://xxx.xxx.xxx/answer_view.php?head=4'
It shows the same page as the URL http://xxx.xxx.xxx/xxx.php?xxx=4, and then I added to the parameter like this:

Code:

http://xxx.xxx.xxx/xxx.php?xxx=4aaaaaa
No matter what I add, it shows the same page, but when I add it like this:

Code:

http://xxx.xxx.xxx/xxx.php?xxx=aaa4
it shows an error page. My thought is that no matter what I add to the URL string before the number 4, MySQL will return false, and if it's after the number 4, MySQL will return true, but I want to know why. Can anybody tell me about this issue? Thanks in advance.

Re: php query string

Posted: Fri Jul 24, 2009 5:04 am
by DaiLaughing
You really need to show us the code which is handling the $_GET values.

Re: php query string

Posted: Fri Jul 24, 2009 5:10 am
by goldensparrow
I have no code because I found this website on Google. I just want to know why, when I add 4aaaaaa, the query result is true, but with aaaaa4 the query result is false. It should be false for both queries, shouldn't it?

Re: php query string

Posted: Fri Jul 24, 2009 5:18 am
by DaiLaughing
For a start we don't know what the query is so how can we say?

Re: php query string

Posted: Fri Jul 24, 2009 5:43 am
by goldensparrow
Actually, the website I found on Google is like this one: forums.devnetwork.net/viewforum.php?f=1. You can also add to the parameter as I did on that site and you will see the same result I saw. Please try it and tell me why the result is like this.

Code:

viewforum.php?f=1aaa

Code:

viewforum.php?f=aaa1

Re: php query string

Posted: Fri Jul 24, 2009 5:51 am
by goldensparrow
One more thing: if you can't understand what I said, you can ask me. My native language is not English, so my English is not good.

Re: php query string

Posted: Fri Jul 24, 2009 5:55 am
by DaiLaughing
Are you just asking what the f=1 means?

Re: php query string

Posted: Fri Jul 24, 2009 6:01 am
by jackpf
I've noticed this as well - if you add characters after an ID, it will still show the same ID, but if you add characters before, it'll mess up.


For example, check this out:
viewtopic.php?f=1&t=103621 will show this thread
viewtopic.php?f=1&t=103621afakjhgjkashjdghdasd will show this thread
viewtopic.php?f=1&t=asdgasdg103621 will not show this thread

I think MySQL must attempt to convert strings to integers when comparing them to int columns. That's the only thing I can think of....

Re: php query string

Posted: Fri Jul 24, 2009 6:02 am
by goldensparrow
No, I want to know why the result of the page viewforum.php?f=1 is like the result of the URL viewforum.php?f=1aaa. Do you understand me? Sorry if I puzzle you.

Re: php query string

Posted: Fri Jul 24, 2009 6:20 am
by DaiLaughing
That certainly puzzles me! They look the same. Did you mean f=1 and f=1aaa?

If so it will be because the scripts sanitise the data to prevent users from hacking the server through the PHP. They are probably stripping away the letters as only numbers are expected.

Re: php query string

Posted: Fri Jul 24, 2009 6:22 am
by jackpf
That's what I said lol.

Re: php query string

Posted: Fri Jul 24, 2009 6:40 am
by goldensparrow
Thank you very much for your replies, jackpf and DaiLaughing. I also want to know which PHP function is used in this case to strip characters (letters)?

Re: php query string

Posted: Fri Jul 24, 2009 6:43 am
by UnknownOne
It must be because number inputs have been set to be ignored/dismissed.

This can be done by limiting a certain string using a certain function. <-Weird sentence. xD

Code:

// Cast to a non-negative integer; a missing or non-numeric value becomes 0.
$_GET['id'] = abs(@intval($_GET['id']));
if(!$_GET['id'])
{
    echo "Either you didn't specify an ID, or you attempted to use an invalid ID";
    $h->endpage(); // $h is the poster's own page object, not defined in this snippet
    exit;
}

Something like that will restrict it to numbers only I guess.
Credit to Anthony for the help.

goldensparrow wrote: thank you very much for your replies, jackpf and DaiLaughing, and I want to know which PHP function is used in this case to strip characters (letters)?
I'm not too sure but I'm a fan of str_replace()

Re: php query string

Posted: Fri Jul 24, 2009 7:15 am
by DaiLaughing
Sorry jack I somehow missed your post.

Re: php query string

Posted: Fri Jul 24, 2009 7:21 am
by jackpf
Lol no problem.

I think it might be similar to this:

Code:

 
$i = '345';
echo (int) $i; //should output 345
$i = '345aaa';
echo (int) $i; //should output 345 as well
$i = 'aaa345';
echo (int) $i; //should output 0
 
I'd make a guess that MySQL does similar conversions when comparing something to an int column.
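
An added example, not part of the thread or written by any of its posters: it runs the inputs discussed above through a bare integer cast and through whole-string validation with filter_var(), to show that the cast silently accepts trailing junk while strict validation rejects it. The helper names parse_id_lenient() and parse_id_strict() and the sample list are assumptions made for this illustration.

```php
<?php
// Added example (not from the thread). parse_id_lenient() and
// parse_id_strict() are hypothetical helper names.

// Lenient: what a bare cast does. Leading digits are kept and anything
// after them is dropped; a string with no leading digits becomes 0.
function parse_id_lenient(string $raw): int
{
    return abs((int) $raw);
}

// Strict: the whole string must be a positive decimal integer, else null.
function parse_id_strict(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed inputs modelled on the URLs quoted in the thread.
$samples = ['4', "4'", '4aaaaaa', 'aaa4', '', '-4'];

foreach ($samples as $raw) {
    $lenient = parse_id_lenient($raw);
    $strict  = parse_id_strict($raw);
    printf(
        "%-12s lenient=%-3d strict=%s\n",
        var_export($raw, true),
        $lenient,
        $strict === null ? 'rejected' : (string) $strict
    );
}

// A handler would stop when parse_id_strict() returns null and only
// afterwards pass the integer to the query as a bound parameter.
```

The lenient helper maps "4'" and "4aaaaaa" to 4 and "aaa4" to 0, which matches the page behaviour the thread describes; the strict helper accepts only "4".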