Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

php query string addition

Posted on 2016-09-05
4
Medium Priority
?
85 Views
Last Modified: 2016-10-12
At the end of php query string
I add
or 1=1

but the text is changed to
%20or%201=1


how can I add
or 1=1 to end of url


I saw sql injection tutorials but none make sense too theoretical
0
Comment
Question by:rgb192
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 22

Expert Comment

by:Kim Walker
ID: 41785006
That is correct for url encoding. You cannot have spaces in a query string. They have been replaced with %20 which is recognized as a space by the server when it receives the request.
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 41785027
The text or 1 = 1 is URL-encoded into or%201%20=%201.  When the information is found inside the $_GET array, it will have been URL-decoded, back into or 1 = 1.  So if you wanted to add or 1 = 1 to test SQL injection, just add or%201%20=%201 to the end of the URL.

PHP functions about URL-encoding:
http://php.net/manual/en/function.urlencode.php
http://php.net/manual/en/function.urldecode.php

General reference:
http://php.net/manual/en/book.url.php
1
 

Author Closing Comment

by:rgb192
ID: 41841183
full %20 answer with code showed me complete answer

thanks
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 41841192
Thanks for the points.  Just as an aside, sometimes the blank can be URL-encoded into the plus sign, too.  So or 1 = 1 could look like or+1+=+1 and it would likely work correctly, too.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question