SirChick Posted January 20, 2008 Share Posted January 20, 2008 Hey guys, Have a question about $_GET. If a page doesn't use the function at all and a user edits the url to try to break the page so say they put: text.php?3231 Then the site url changes it to: text.php?%3221 Is that considered safe? Or should it be wiser to clear it so that it goes to "text.php" ? I am not sure if the % is meant to happen ? Quote Link to comment Share on other sites More sharing options...
trq Posted January 20, 2008 Share Posted January 20, 2008 If your script isn't expecting any get variables it won't care if there is any. This is another reason register_globals is now depricated. Extra variables within the url should have no effect unless your server is misconfigured. I have been able to get access to source code on occasion by using index.php?~ Quote Link to comment Share on other sites More sharing options...
SirChick Posted January 20, 2008 Author Share Posted January 20, 2008 So how come it adds the % symbol to the url? Does it do that for a reason ? Quote Link to comment Share on other sites More sharing options...
trq Posted January 20, 2008 Share Posted January 20, 2008 How are you getting that result? Quote Link to comment Share on other sites More sharing options...
SirChick Posted January 20, 2008 Author Share Posted January 20, 2008 It does it almost 100% of the time if i put: text.php?'" that becomes: text.php?'%22 Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted January 20, 2008 Share Posted January 20, 2008 That's just because " is encoded to %20. Example: http://www.google.com/search?q=%22test%22 is a search on Google for "test". Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.