Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 94
  • Last Modified:

php query string addition

At the end of php query string
I add
or 1=1

but the text is changed to
%20or%201=1


how can I add
or 1=1 to end of url


I saw sql injection tutorials but none make sense too theoretical
0
rgb192
Asked:
rgb192
  • 2
1 Solution
 
Kim WalkerWeb Programmer/TechnicianCommented:
That is correct for url encoding. You cannot have spaces in a query string. They have been replaced with %20 which is recognized as a space by the server when it receives the request.
0
 
Ray PaseurCommented:
The text or 1 = 1 is URL-encoded into or%201%20=%201.  When the information is found inside the $_GET array, it will have been URL-decoded, back into or 1 = 1.  So if you wanted to add or 1 = 1 to test SQL injection, just add or%201%20=%201 to the end of the URL.

PHP functions about URL-encoding:
http://php.net/manual/en/function.urlencode.php
http://php.net/manual/en/function.urldecode.php

General reference:
http://php.net/manual/en/book.url.php
1
 
rgb192Author Commented:
full %20 answer with code showed me complete answer

thanks
0
 
Ray PaseurCommented:
Thanks for the points.  Just as an aside, sometimes the blank can be URL-encoded into the plus sign, too.  So or 1 = 1 could look like or+1+=+1 and it would likely work correctly, too.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now