
Help Please.

Posted: Tue Jan 04, 2011 8:26 pm
by yb1234yb
Hello all.

Can someone help me with this?

I'm a site owner and am receiving many sign-ups with usernames like & #1040 & #1085 &am.
I think they try to put ";" between them and they cannot, as it's protected against injection.
But what is it, even with ";"?
I have never met this in PHP or SQL.

What do these # numbers do?

Thanks a lot.

Re: Help Please.

Posted: Tue Jan 04, 2011 9:39 pm
by Christopher
Those look like HTML meta-characters for Cyrillic characters.

Re: Help Please.

Posted: Thu Jan 06, 2011 6:54 am
by yb1234yb
It's obvious that people tried to write ";" instead of "spaces",
so the real script looks something like "&;#1040;&;#1085;&am".
And it seems like an injection trial.

Re: Help Please.

Posted: Thu Jan 06, 2011 11:09 am
by social_experiment
yb1234yb wrote: It's obvious that people tried to write ";" instead of "spaces"
Not quite. The values create HTML-safe characters. If you wanted to use '>' on a page and wanted it to have no meaning other than 'greater than', you would substitute it with &gt;. The semi-colon at the end seems to denote the end of the character sequence. Check out the PHP manual on htmlspecialchars().
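
To see what usernames like these contain, decode the character references and escape the result when printing it. The PHP below is an added example, not code from any poster in this thread; the function names and sample usernames are constructed for illustration.

```php
<?php
// Added example; function names and sample usernames are constructed.

// Decode character references (&#1040;, &gt;, ...) into the characters
// a browser would display for them.
function decode_username(string $raw): string
{
    return html_entity_decode($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Describe what a submitted username actually contains after decoding.
function inspect_username(string $raw): array
{
    $decoded = decode_username($raw);
    return [
        'raw'        => $raw,
        'decoded'    => $decoded,
        // True when the references only spell out Cyrillic letters.
        'cyrillic'   => preg_match('/^\p{Cyrillic}+$/u', $decoded) === 1,
        // True when the decoded text holds characters that carry meaning in HTML.
        'has_markup' => preg_match('/[<>"\'&]/', $decoded) === 1,
        // Form that is safe to print into an HTML page: markup characters are
        // escaped, letters such as the Cyrillic ones stay as UTF-8.
        'for_html'   => htmlspecialchars($decoded, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    ];
}

$samples = [
    '&#1040;&#1085;&#1076;&#1088;&#1077;&#1081;', // constructed: numeric references for Cyrillic letters
    'a &gt; b',                                    // named reference for '>'
    '&#60;b&#62;bold&#60;/b&#62;',                 // numeric references for '<' and '>'
];

foreach ($samples as $raw) {
    $r = inspect_username($raw);
    printf(
        "%-45s decoded=%s cyrillic=%s has_markup=%s for_html=%s\n",
        $r['raw'],
        $r['decoded'],
        $r['cyrillic'] ? 'yes' : 'no',
        $r['has_markup'] ? 'yes' : 'no',
        $r['for_html']
    );
}
```

Run it from the command line with a UTF-8 terminal so the decoded Cyrillic letters display correctly.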