_GET ['name']截断 [英] _GET['name'] truncates
问题描述
大家好,
我写了一个名为test.php的php脚本,包含以下
语句:
<?php
error_reporting(E_ALL);
$ query = $ _GET [''sql''];
echo $ query;
?>
使用带有''small''值的脚本参数sql工作正常。
虽然,使用带有sql查询的脚本如下所示
http://localhost/test.php?sql =" SELECT orders_id,customers_id,
customers_name,customers_company,customers_street_address,
customers_suburb,customers_city,customers_postcode,customers_state,
customers_country,customers_telephone,customers_email_address,
customers_address_format_id,delivery_name ,delivery_company,
delivery_street_address,delivery_suburb,delivery_city,delivery_postcode,
delivery_state,delivery_country,delivery_address_format_id,billing _name,
billing_company,billing_street_address,billing_suburb,billing_city,
billing_postcode,billing_state,billing_country,billing_address_format_id,
payment_method,cc_type,cc_owner,cc_number, cc_expires,last_modified,
date_purchased,orders_status,orders_date_finished,currency,
currency_value FROM orders where((date_purchased> = 18991230 and
last_modified is null)或last_modified> = 18991230)和orders_status在
(1,2,3)和((date_purchased< = 20071201203454和last_modified为null)或
last_modified < = 20071201203454)and orders_id = 2 order by
date_purchased"
产生以下结果:
\SELECT orders_id,customers_id,customers_name,customers_company,
customers_street_address,customers_suburb,customers_city,
customers_postcode,customers_state,customers_country,customers_telepho ne,
customers_email_address,customers_address_format_id,delivery_name,
delivery_company,delivery_street_address,delivery_suburb,delivery_city,
delivery_postcode,delivery_state,delivery_country,
delivery_address_format_id,billing_name,billing_company,
billing_street_address,billing_suburb,billing_city,billing_postcode,
billing_state,billing_country,billing_address_format_id,payment_method,
cc_type,cc_owner,cc_number,cc_expires,last_modified,date_purchased,
orders_status,orders_date_finished,currency,currency_value FROM orders
where((date_purchased> = 18991230 and last_modified为null)或者
last_modified> = 18991230)和orders_status在(1,2,3)和%2?n?
我不明白为什么价值sql参数的截断。任何
帮助表示赞赏!!
提前致谢!
Hi all,
I''ve written a php script, called test.php, consisting of the following
statements:
<?php
error_reporting(E_ALL);
$query = $_GET[''sql''];
echo $query;
?>
Using the script with ''small'' values for the parameter sql works fine.
Although, using the script with the sql query as specified below
http://localhost/test.php?sql="SELECT orders_id, customers_id,
customers_name, customers_company, customers_street_address,
customers_suburb, customers_city, customers_postcode, customers_state,
customers_country, customers_telephone, customers_email_address,
customers_address_format_id, delivery_name, delivery_company,
delivery_street_address, delivery_suburb, delivery_city, delivery_postcode,
delivery_state, delivery_country, delivery_address_format_id, billing_name,
billing_company, billing_street_address, billing_suburb, billing_city,
billing_postcode, billing_state, billing_country, billing_address_format_id,
payment_method, cc_type, cc_owner, cc_number, cc_expires, last_modified,
date_purchased, orders_status, orders_date_finished, currency,
currency_value FROM orders where ((date_purchased >= 18991230 and
last_modified is null) or last_modified >= 18991230 ) and orders_status in
(1,2,3) and ((date_purchased <= 20071201203454 and last_modified is null) or
last_modified <= 20071201203454 ) and orders_id = 2 order by
date_purchased"
results in the following:
\"SELECT orders_id, customers_id, customers_name, customers_company,
customers_street_address, customers_suburb, customers_city,
customers_postcode, customers_state, customers_country, customers_telephone,
customers_email_address, customers_address_format_id, delivery_name,
delivery_company, delivery_street_address, delivery_suburb, delivery_city,
delivery_postcode, delivery_state, delivery_country,
delivery_address_format_id, billing_name, billing_company,
billing_street_address, billing_suburb, billing_city, billing_postcode,
billing_state, billing_country, billing_address_format_id, payment_method,
cc_type, cc_owner, cc_number, cc_expires, last_modified, date_purchased,
orders_status, orders_date_finished, currency, currency_value FROM orders
where ((date_purchased >= 18991230 and last_modified is null) or
last_modified >= 18991230 ) and orders_status in (1,2,3) and%2?n?
I do not understand why the value of the sql parameter is truncated. Any
help is appreciated!!
Thanks in advance!
推荐答案
query =
_GET [''sql''];
echo
_GET[''sql''];
echo
查询;
?>
使用带有''small''值的脚本参数sql工作正常。
虽然,使用带有sql查询的脚本如下所示
http://localhost/test.php?sql =" SELECT orders_id,customers_id,
customers_name, customers_company,customers_street_address,
customers_suburb,customers_city,customers_postcode,customers_state,
customers_country,customers_telephone,customers_email_address,
customers_address_format_id,delivery_name,delivery_company,
delivery_street_address,delivery_suburb,delivery_city,delivery_postcode,
delivery_state,delivery_country,delivery_address_format_id,billing_n ame,
billing_company,billing_street_address,billing_suburb,billing_city,
billing_postcode,billing_state,billing_country,billing_address_format_id,
payment_method,cc_type,cc_owner,cc_number, cc_expires,last_modified,
date_purchased,orders_status,orders_date_finished,currency,
currency_value FROM orders where((date_purchased> = 18991230 and
last_modified is null)或last_modified> = 18991230)和orders_status在
(1,2,3)和((date_purchased< = 20071201203454和last_modified为null)或
last_modified < = 20071201203454)and orders_id = 2 order by
date_purchased"
产生以下结果:
\SELECT orders_id,customers_id,customers_name,customers_company,
customers_street_address,customers_suburb,customers_city,
customers_postcode,customers_state,customers_country,customers_telephone ,
customers_email_address,customers_address_format_id,delivery_name,
delivery_company,delivery_street_address,delivery_suburb,delivery_city,
delivery_postcode,delivery_state,delivery_country,
delivery_address_format_id,billing_name,billing_company,
billing_street_address,billing_suburb,billing_city,billing_postcode,
billing_state,billing_country,billing_address_format_id,payment_method,
cc_type ,cc_owner,cc_number,cc_expires,last_modified,date_purchased,
orders_status,orders_date_finished,currency,currency_value FROM orders
where((date_purchased> = 18991230 and last_modified为null)或
last_modified> = 18991230)和orders_status在(1,2,3)和%2?n?
我不明白为什么价值sql参数被截断。任何
帮助表示赞赏!!
提前致谢!
query;
?>
Using the script with ''small'' values for the parameter sql works fine.
Although, using the script with the sql query as specified below
http://localhost/test.php?sql="SELECT orders_id, customers_id,
customers_name, customers_company, customers_street_address,
customers_suburb, customers_city, customers_postcode, customers_state,
customers_country, customers_telephone, customers_email_address,
customers_address_format_id, delivery_name, delivery_company,
delivery_street_address, delivery_suburb, delivery_city, delivery_postcode,
delivery_state, delivery_country, delivery_address_format_id, billing_name,
billing_company, billing_street_address, billing_suburb, billing_city,
billing_postcode, billing_state, billing_country, billing_address_format_id,
payment_method, cc_type, cc_owner, cc_number, cc_expires, last_modified,
date_purchased, orders_status, orders_date_finished, currency,
currency_value FROM orders where ((date_purchased >= 18991230 and
last_modified is null) or last_modified >= 18991230 ) and orders_status in
(1,2,3) and ((date_purchased <= 20071201203454 and last_modified is null) or
last_modified <= 20071201203454 ) and orders_id = 2 order by
date_purchased"
results in the following:
\"SELECT orders_id, customers_id, customers_name, customers_company,
customers_street_address, customers_suburb, customers_city,
customers_postcode, customers_state, customers_country, customers_telephone,
customers_email_address, customers_address_format_id, delivery_name,
delivery_company, delivery_street_address, delivery_suburb, delivery_city,
delivery_postcode, delivery_state, delivery_country,
delivery_address_format_id, billing_name, billing_company,
billing_street_address, billing_suburb, billing_city, billing_postcode,
billing_state, billing_country, billing_address_format_id, payment_method,
cc_type, cc_owner, cc_number, cc_expires, last_modified, date_purchased,
orders_status, orders_date_finished, currency, currency_value FROM orders
where ((date_purchased >= 18991230 and last_modified is null) or
last_modified >= 18991230 ) and orders_status in (1,2,3) and%2?n?
I do not understand why the value of the sql parameter is truncated. Any
help is appreciated!!
Thanks in advance!
这篇关于_GET ['name']截断的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
