Help Please.

yb1234yb
Forum Newbie
Posts: 3
Joined: Tue Jan 04, 2011 8:23 pm

Help Please.

Post by yb1234yb »

Hello all.

Can someone help me with this?

I'm a site owner and I'm receiving many sign-ups with usernames like & #1040 & #1085 &am.
I think they try to put ";" between it and they cannot as it's protected for injection.
But what is it if even with ";" ?
I never met this in php or SQL.

What do these # numbers do?

Thanks a lot.
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Help Please.

Post by Christopher »

Those look like HTML meta-characters for Cyrillic characters.
(#10850)
yb1234yb
Forum Newbie
Posts: 3
Joined: Tue Jan 04, 2011 8:23 pm

Re: Help Please.

Post by yb1234yb »

That's obvious that people tried to write ";" instead of "spaces"
so the real script looks something like "&;#1040;&;#1085;&am"
And it seems like injection trial.
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Help Please.

Post by social_experiment »

yb1234yb wrote: That's obvious that people tried to write ";" instead of "spaces"
Not quite. The values create HTML-safe characters. If you wanted to use '>' on a page and wanted it to have no meaning other than 'greater than' you would substitute it with &gt;. The semi-colon at the end seems to denote the end of the character sequence. Check out the PHP manual on htmlspecialchars().
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
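
The following PHP is an added example, not code posted by anyone in this thread. It decodes numeric character references such as the `&#1040;` and `&#1085;` discussed above, reports which Unicode scripts the decoded username contains, and escapes the result with htmlspecialchars() for display. The function names and sample usernames are constructed for illustration.

```php
<?php
// Added example: inspect sign-up usernames that arrive as numeric character
// references. All sample values below are constructed, not taken from a real site.

/** Decode decimal (&#1040;) and hex (&#x410;) references to UTF-8 text. */
function decode_numeric_refs(string $raw): string
{
    return html_entity_decode($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** True when the submitted value contains at least one well-formed reference. */
function has_numeric_refs(string $raw): bool
{
    return preg_match('/&#(?:\d+|x[0-9a-f]+);/i', $raw) === 1;
}

/** List the Unicode scripts present, so a log shows "Cyrillic" instead of "#1040". */
function scripts_in(string $text): array
{
    $found = [];
    foreach (['Latin', 'Cyrillic', 'Greek', 'Han', 'Arabic'] as $script) {
        if (preg_match('/\p{' . $script . '}/u', $text) === 1) {
            $found[] = $script;
        }
    }
    return $found;
}

// Constructed samples: a Cyrillic name sent as references, a plain ASCII name,
// and references that decode to HTML meta-characters.
$samples = ['&#1040;&#1085;&#1085;&#1072;', 'alice', '&#60;b&#62;bob'];

foreach ($samples as $raw) {
    $text = decode_numeric_refs($raw);
    printf(
        "%-32s refs=%-3s scripts=%-10s html=%s\n",
        $raw,
        has_numeric_refs($raw) ? 'yes' : 'no',
        implode(',', scripts_in($text)) ?: '-',
        // Escape on output so decoded '<' and '>' are displayed, not interpreted.
        htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8')
    );
}
```

The first sample decodes to a four-letter Cyrillic name, while the third decodes to text containing `<` and `>`, which is why the decoded value is passed through htmlspecialchars() before it is shown.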