Solved

php query string addition

Posted on 2016-09-05
4
56 Views
Last Modified: 2016-10-12
At the end of php query string
I add
or 1=1

but the text is changed to
%20or%201=1


how can I add
or 1=1 to end of url


I saw sql injection tutorials but none make sense too theoretical
0
Comment
Question by:rgb192
  • 2
4 Comments
 
LVL 22

Expert Comment

by:Kim Walker
ID: 41785006
That is correct for url encoding. You cannot have spaces in a query string. They have been replaced with %20 which is recognized as a space by the server when it receives the request.
0
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 41785027
The text or 1 = 1 is URL-encoded into or%201%20=%201.  When the information is found inside the $_GET array, it will have been URL-decoded, back into or 1 = 1.  So if you wanted to add or 1 = 1 to test SQL injection, just add or%201%20=%201 to the end of the URL.

PHP functions about URL-encoding:
http://php.net/manual/en/function.urlencode.php
http://php.net/manual/en/function.urldecode.php

General reference:
http://php.net/manual/en/book.url.php
1
 

Author Closing Comment

by:rgb192
ID: 41841183
full %20 answer with code showed me complete answer

thanks
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 41841192
Thanks for the points.  Just as an aside, sometimes the blank can be URL-encoded into the plus sign, too.  So or 1 = 1 could look like or+1+=+1 and it would likely work correctly, too.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question