PDA

View Full Version : Eww Not working =(((



Arnack
06-17-2006, 03:02 AM
<?
$or1 = " 'OR''=' ";
$or2 = " 'OR' ";
$search=$_POST['search'];

if ($search == $or1) {
print "user: <b> ak </b> pass: <b> 6e6b4c3e0cf36a53865be47ffac2a057 </b>";

} elseif ($search == $or2) {
print "user: <b> ak </b> pass: <b> 6e6b4c3e0cf36a53865be47ffac2a057 </b>";

} else {
print "no matches in your search. sorry im still kinda working on this.";

}
?>

Don't ask what I'm trying to do :p
It just keeps executing the



} else {
print "no matches in your search. sorry im still kinda working on this.";

Even when I submit 'OR' into the search...
Thnx,
-Arnack

fci
06-17-2006, 03:09 AM
to debug, do this:

print '<pre>'.print_r($_POST, true).'</pre>';

Arnack
06-17-2006, 03:32 AM
Na, tried everything =(

fci
06-17-2006, 03:34 AM
what is the output of what I told you to do?

Spookster
06-17-2006, 03:40 AM
In the future, please use a more descriptive subject when posting a question. See posting guidelines. (http://www.codingforums.com/postguide.htm)

Arnack
06-17-2006, 03:42 AM
Ok, sorry.

no matches in your search. sorry im still kinda working on this.

Array
(
[search] => \'OR\'
)

vinyl-junkie
06-17-2006, 06:38 AM
Query strings don't do well with quotes in them. I took your script as-is and put some echo statements in between those first few statements, like so:


<?
$or1 = " 'OR''=' ";
echo "Or1 = " . $or1 . "<br>";
$or2 = " 'OR' ";
echo "Or2 = " . $or2 . "<br>";
$search=$_POST['search'];
echo "Search = " . $search . "<br>";

if ($search == $or1) {
print "user: <b> ak </b> pass: <b> 6e6b4c3e0cf36a53865be47ffac2a057 </b>";

} elseif ($search == $or2) {
print "user: <b> ak </b> pass: <b> 6e6b4c3e0cf36a53865be47ffac2a057 </b>";

} else {
print "no matches in your search. sorry im still kinda working on this.";

}
?>

Here's the output that I got when I used a query string of
search='OR''='


Or1 = 'OR''='
Or2 = 'OR'
Search =
no matches in your search. sorry im still kinda working on this.

We have to ask what you're trying to do. Otherwise, we won't be able to help solve your problem.