• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 96
  • Last Modified:

php query string addition

At the end of php query string
I add
or 1=1

but the text is changed to

how can I add
or 1=1 to end of url

I saw sql injection tutorials but none make sense too theoretical
  • 2
1 Solution
Kim WalkerWeb Programmer/TechnicianCommented:
That is correct for url encoding. You cannot have spaces in a query string. They have been replaced with %20 which is recognized as a space by the server when it receives the request.
Ray PaseurCommented:
The text or 1 = 1 is URL-encoded into or%201%20=%201.  When the information is found inside the $_GET array, it will have been URL-decoded, back into or 1 = 1.  So if you wanted to add or 1 = 1 to test SQL injection, just add or%201%20=%201 to the end of the URL.

PHP functions about URL-encoding:

General reference:
rgb192Author Commented:
full %20 answer with code showed me complete answer

Ray PaseurCommented:
Thanks for the points.  Just as an aside, sometimes the blank can be URL-encoded into the plus sign, too.  So or 1 = 1 could look like or+1+=+1 and it would likely work correctly, too.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now