r0b Posted May 15, 2011 Share Posted May 15, 2011 I'm facing a problem with a simple script I wrote. It has to write out an error if there's a "<" character in the url. $url = basename($_SERVER['PHP_SELF']).$_SERVER['QUERY_STRING']; if(strpos($url, "<") !== FALSE) //found echo die ("error"); Which does the right thing for example: example.com/< will output an error while example.com/?< doesn't output the error. Does anyone have any idea how do make "<" display the error even if the ? (question mark) is in front of it. Link to comment https://forums.phpfreaks.com/topic/236464-if-url-contains-x-do-y/ Share on other sites More sharing options...
r0b Posted May 15, 2011 Author Share Posted May 15, 2011 I also know this would work (note I replaced < with ? this time): if(strpos($url, "?") !== FALSE) //found echo die ("error"); But I don't want to block the "?", I just want < to be blocked no matter what. (even if it has the question mark in front of it) Link to comment https://forums.phpfreaks.com/topic/236464-if-url-contains-x-do-y/#findComment-1215711 Share on other sites More sharing options...
r0b Posted May 15, 2011 Author Share Posted May 15, 2011 I think I'm getting closer to the problem, atleast an idea on how to solve this: $ill = "<"; $ill .="?"; $url = basename($_SERVER['PHP_SELF']).$_SERVER['QUERY_STRING']; if(strpos($url, $ill) !== FALSE) //found echo die ("error"); What I'm trying to do here is, if the url containts both < and ?, show error, but still no luck. Still trying to make the original idea work, to show error if < is used in an url, even if it has a ? in front of it. (Works perfectly if theres no ? in front of it). Link to comment https://forums.phpfreaks.com/topic/236464-if-url-contains-x-do-y/#findComment-1215753 Share on other sites More sharing options...
r0b Posted May 15, 2011 Author Share Posted May 15, 2011 Bumping without any code or ideas this time. Link to comment https://forums.phpfreaks.com/topic/236464-if-url-contains-x-do-y/#findComment-1215818 Share on other sites More sharing options...
r0b Posted May 16, 2011 Author Share Posted May 16, 2011 All this time I was applying this code to one page and testing on another. I changed the code to the appropriate page and expecting it work, but it still isn't doing what its supposed to. Any more fresh ideas? Link to comment https://forums.phpfreaks.com/topic/236464-if-url-contains-x-do-y/#findComment-1215852 Share on other sites More sharing options...
PFMaBiSmAd Posted May 16, 2011 Share Posted May 16, 2011 Have you echoed $_SERVER['PHP_SELF'] and $_SERVER['QUERY_STRING'] so that you would see what you are actually receiving? Link to comment https://forums.phpfreaks.com/topic/236464-if-url-contains-x-do-y/#findComment-1215854 Share on other sites More sharing options...
r0b Posted May 16, 2011 Author Share Posted May 16, 2011 Have you echoed $_SERVER['PHP_SELF'] and $_SERVER['QUERY_STRING'] so that you would see what you are actually receiving? No, to be honest, and by saying that I think you just solved my whole problem. Check end of the post for the (hopefully) last problem on this. it gives out: (please mind I use .htaccess to change ?page=Pagename to just PageName) index.phppage=PageName This means, I have to add something in between, a question mark. So the new code is: (just added the ? so it would proccess it correctly. $hostname = $_SERVER['PHP_SELF']; $hostname = str_replace('index.php', '', $hostname); $hostname = str_replace($page, '', $hostname); $ill = "<"; $url = basename($_SERVER['PHP_SELF'])."?".$_SERVER['QUERY_STRING']; it now outputs index.php?page=PageName Testing it out on the url: "example.com/PageName<" - Does not display the error. Testing out out with the questionmark "example.com/PageName?< - Does not display the error, but when echoed it shows "%3C" Took it a step further and change the < in the PHP file to %3C. index.php?page=PageName< finally displays the error, and later index.php?page=PageName?< (finally displays the error) while example.com/PageName< doesn't display the error anymore. (neither does adding <?) It now displays error on the index.php? URLS but not on the regular /PageName. I presume this is because of the < changing to %3C. Is there any way I can define $ill is both < and %3C. (I know they're the same, but I think it would fix this.) I'm trying $ill = "%3C"; $ill .= "<"; But its still not doing the trick. Thanks for the hude heads up PFMaBiSmAd. Link to comment https://forums.phpfreaks.com/topic/236464-if-url-contains-x-do-y/#findComment-1215865 Share on other sites More sharing options...
PFMaBiSmAd Posted May 16, 2011 Share Posted May 16, 2011 The %3C is a urlencoded value. If you use urldecode on the parts of the URL, %3C will be converted back to a < Link to comment https://forums.phpfreaks.com/topic/236464-if-url-contains-x-do-y/#findComment-1215872 Share on other sites More sharing options...
r0b Posted May 16, 2011 Author Share Posted May 16, 2011 The %3C is a urlencoded value. If you use urldecode on the parts of the URL, %3C will be converted back to a < Thanks again for the tip. Is there any way to attach more sings or words to the variable $ill if I wanted more of those? (example shown above) $ill = "word1"; $ill .= "somethingelse"; $ill .= "!!!"; $url = basename($_SERVER['PHP_SELF'])."?".$_SERVER['QUERY_STRING']; if(strpos($url, $ill) !== FALSE) //found echo die ("error"); Link to comment https://forums.phpfreaks.com/topic/236464-if-url-contains-x-do-y/#findComment-1215879 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.