Re: _GET('name') truncates

GET args can be truncated at some number, if the server does not want
to allow longer args.  I believe the minimum compliant limit is 1024
bytes.

You also REALLY ought to be using http://php.net/urlencode on the GET
args.

And if you are spitting that URL out to a browser, you should then use
http://php.net/htmlentities on it as well.

On Mon, February 5, 2007 12:42 pm, Ramon wrote:
> Hi all,
>
> I've written a php script, called test.php, consisting of the
> following
> statements:
>
> <?php
> error_reporting(E_ALL);
> $query = $_GET['sql'];
> echo $query;
> ?>
> Using the script with 'small' values for the parameter sql works fine.
> Although, using the script with the sql query as specified below
>
> http://localhost/test.php?sql="SELECT orders_id, customers_id,
> customers_name, customers_company, customers_street_address,
> customers_suburb, customers_city, customers_postcode, customers_state,
> customers_country, customers_telephone, customers_email_address,
> customers_address_format_id, delivery_name, delivery_company,
> delivery_street_address, delivery_suburb, delivery_city,
> delivery_postcode,
> delivery_state, delivery_country, delivery_address_format_id,
> billing_name,
> billing_company, billing_street_address, billing_suburb, billing_city,
> billing_postcode, billing_state, billing_country,
> billing_address_format_id,
> payment_method, cc_type, cc_owner, cc_number, cc_expires,
> last_modified,
> date_purchased, orders_status, orders_date_finished, currency,
> currency_value FROM orders where ((date_purchased >= 18991230 and
> last_modified is null) or last_modified >= 18991230 ) and
> orders_status in
> (1,2,3) and ((date_purchased <= 20071201203454 and last_modified is
> null) or
> last_modified <= 20071201203454 )  and  orders_id = 2 order by
> date_purchased"
>
> results in the following:
>
> \"SELECT orders_id, customers_id, customers_name, customers_company,
> customers_street_address, customers_suburb, customers_city,
> customers_postcode, customers_state, customers_country,
> customers_telephone,
> customers_email_address, customers_address_format_id, delivery_name,
> delivery_company, delivery_street_address, delivery_suburb,
> delivery_city,
> delivery_postcode, delivery_state, delivery_country,
> delivery_address_format_id, billing_name, billing_company,
> billing_street_address, billing_suburb, billing_city,
> billing_postcode,
> billing_state, billing_country, billing_address_format_id,
> payment_method,
> cc_type, cc_owner, cc_number, cc_expires, last_modified,
> date_purchased,
> orders_status, orders_date_finished, currency, currency_value FROM
> orders
> where ((date_purchased >= 18991230 and last_modified is null) or
> last_modified >= 18991230 ) and orders_status in (1,2,3) and%2ÃnÃ
>
> I do not understand why the value of the sql parameter is truncated.
> Any
> help is appreciated!!
>
> Thanks in advance!
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
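
The two steps the reply recommends (urlencode on the GET args, then htmlentities when the URL goes into a page), shown as an added example that is not part of the original thread. The helper names build_url() and html_link(), the shortened sample value and the 1024-byte figure used for the length check are assumptions for illustration; the real limit depends on the server.

```php
<?php
// Added example, not code from the thread. Helper names and the sample
// value are constructed for illustration.

/** Build a URL whose query-string names and values are percent-encoded. */
function build_url(string $base, array $params): string
{
    $pairs = [];
    foreach ($params as $name => $value) {
        // Encode each part separately so '&', '=', '"' and spaces in the
        // data cannot be mistaken for query-string syntax.
        $pairs[] = urlencode((string)$name) . '=' . urlencode((string)$value);
    }
    return $base . '?' . implode('&', $pairs);
}

/** Escape an already-built URL and its label for output inside HTML. */
function html_link(string $url, string $label): string
{
    return '<a href="' . htmlentities($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlentities($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed sample: a value with spaces, quotes, '>', '&' and parentheses.
$value = '"SELECT orders_id FROM orders where date_purchased >= 18991230'
       . ' & orders_status in (1,2,3)"';

$url = build_url('http://localhost/test.php', ['sql' => $value]);

// Round trip: decoding the query string must give back the exact value.
parse_str(parse_url($url, PHP_URL_QUERY), $decoded);
if ($decoded['sql'] !== $value) {
    throw new RuntimeException('value changed in transit');
}

// Length check before sending. The limit is server-specific; 1024 is an
// assumed placeholder, not a measured value.
$limit = 1024;
if (strlen($url) > $limit) {
    error_log('URL is ' . strlen($url) . ' bytes, over the assumed limit');
}

echo $url, "\n";                                   // safe to send as a request
echo html_link($url, 'orders >= 1899 & "open"'), "\n"; // safe to embed in HTML
```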


