Solved

php query string addition

Posted on 2016-09-05
4
77 Views
Last Modified: 2016-10-12
At the end of php query string
I add
or 1=1

but the text is changed to
%20or%201=1


how can I add
or 1=1 to end of url


I saw sql injection tutorials but none make sense too theoretical
0
Comment
Question by:rgb192
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 22

Expert Comment

by:Kim Walker
ID: 41785006
That is correct for url encoding. You cannot have spaces in a query string. They have been replaced with %20 which is recognized as a space by the server when it receives the request.
0
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 41785027
The text or 1 = 1 is URL-encoded into or%201%20=%201.  When the information is found inside the $_GET array, it will have been URL-decoded, back into or 1 = 1.  So if you wanted to add or 1 = 1 to test SQL injection, just add or%201%20=%201 to the end of the URL.

PHP functions about URL-encoding:
http://php.net/manual/en/function.urlencode.php
http://php.net/manual/en/function.urldecode.php

General reference:
http://php.net/manual/en/book.url.php
1
 

Author Closing Comment

by:rgb192
ID: 41841183
full %20 answer with code showed me complete answer

thanks
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 41841192
Thanks for the points.  Just as an aside, sometimes the blank can be URL-encoded into the plus sign, too.  So or 1 = 1 could look like or+1+=+1 and it would likely work correctly, too.
0

Featured Post

WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question