I'll let everyone else do the "why the hell are you doing this?  security blah 
blah!  bad practice blah blah!" type stuff. I'm sure there will be plenty.

One reason this may be happening is, depending on your browser, there's a limit 
to the number of characters you can have in a URL.

That seems to be cutting off around 900 characters.  That's a lot to put into a 
URL.

If you're really intent on setting up a PHP powered web page to test SQL 
statements, I might recommend using a web form with either input type=text or 
textarea form elements and a POST method instead of GET.

If you don't have control over the server but do everything remotely, you might 
consider seeing if there's a phpMyAdmin set up with your hosting service that 
you can use for database management/queries/etc.

If it's a localish database, you can still use phpMyAdmin, but might also have 
the option of setting up an ODBC connection and using a program like WinSQL or 
Navicat to connect and do queries and maintenance.

If you have more specific questions about any of this, feel free to ask.

-TG
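A POST-based version of the test page TG describes, as an added example that is not TG's code and not the original poster's script. It takes the statement from a textarea, so the browser's URL length limit no longer applies, strips the backslashes that magic_quotes_gpc adds on old PHP builds (the \" visible in the original output), echoes the text HTML-escaped together with its byte length so you can see nothing was cut off, and only runs the statement when a DSN has been filled in. The file name test_post.php, the empty $dsn/$user/$pass placeholders and the assumption that the page is reachable only from a trusted local machine are mine, not from the thread.

```php
<?php
// test_post.php - added example, not the original test.php from the thread.
// Takes the SQL text through a POST <textarea> instead of a GET parameter,
// so it is not subject to browser URL length limits.
// Assumption (not from the thread): this page is only reachable from a
// trusted local machine; it is a full database console for anyone who can load it.
error_reporting(E_ALL);

$dsn  = '';   // assumed placeholder, e.g. 'mysql:host=localhost;dbname=shop'; empty = show only, do not run
$user = '';   // assumed placeholder
$pass = '';   // assumed placeholder

$query = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['sql'])) {
    $query = $_POST['sql'];
    // Old PHP builds with magic_quotes_gpc on add backslashes to quotes
    // (the \" in the original post); strip them so the statement is passed as typed.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $query = stripslashes($query);
    }
}
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>SQL test</title></head>
<body>
<form method="post" action="">
  <textarea name="sql" rows="12" cols="100"><?php echo htmlspecialchars($query, ENT_QUOTES, 'UTF-8'); ?></textarea>
  <br><input type="submit" value="Run">
</form>
<?php
if ($query !== '') {
    // Always escape before echoing: reflecting raw request data into HTML is an XSS hole.
    echo '<p>Received ' . strlen($query) . " bytes:</p>\n";
    echo '<pre>' . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . "</pre>\n";

    if ($dsn !== '') {
        try {
            $pdo  = new PDO($dsn, $user, $pass, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
            $stmt = $pdo->query($query);
            echo '<table border="1">';
            $first = true;
            while (($row = $stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
                if ($first) {
                    // Header row from the column names of the first result row.
                    echo '<tr>';
                    foreach (array_keys($row) as $col) {
                        echo '<th>' . htmlspecialchars($col, ENT_QUOTES, 'UTF-8') . '</th>';
                    }
                    echo '</tr>';
                    $first = false;
                }
                echo '<tr>';
                foreach ($row as $val) {
                    echo '<td>' . htmlspecialchars((string) $val, ENT_QUOTES, 'UTF-8') . '</td>';
                }
                echo '</tr>';
            }
            echo '</table>';
        } catch (PDOException $e) {
            echo '<p>Error: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . '</p>';
        }
    }
}
?>
</body>
</html>
```

With POST the only server-side size limit on the statement is post_max_size in php.ini (8M by default), so a query of a few thousand characters arrives intact. Whatever you do with the result, remove a page like this from any host that is not purely local once you are done testing.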



= = = Original message = = =

Hi all,

I've written a php script, called test.php, consisting of the following 
statements:

<?php
error_reporting(E_ALL);
// Read the 'sql' query-string parameter; avoid an undefined-index notice when it is absent.
$query = isset($_GET['sql']) ? $_GET['sql'] : '';
// Escape before echoing: reflecting raw request data into the page is an XSS hole.
echo htmlspecialchars($query, ENT_QUOTES, 'UTF-8');
?>
Using the script with 'small' values for the parameter sql works fine. 
However, using the script with the SQL query specified below

http://localhost/test.php?sql="SELECT orders_id, customers_id, 
customers_name, customers_company, customers_street_address, 
customers_suburb, customers_city, customers_postcode, customers_state, 
customers_country, customers_telephone, customers_email_address, 
customers_address_format_id, delivery_name, delivery_company, 
delivery_street_address, delivery_suburb, delivery_city, delivery_postcode, 
delivery_state, delivery_country, delivery_address_format_id, billing_name, 
billing_company, billing_street_address, billing_suburb, billing_city, 
billing_postcode, billing_state, billing_country, billing_address_format_id, 
payment_method, cc_type, cc_owner, cc_number, cc_expires, last_modified, 
date_purchased, orders_status, orders_date_finished, currency, 
currency_value FROM orders where ((date_purchased >= 18991230 and 
last_modified is null) or last_modified >= 18991230 ) and orders_status in 
(1,2,3) and ((date_purchased <= 20071201203454 and last_modified is null) or 
last_modified <= 20071201203454 )  and  orders_id = 2 order by 
date_purchased"

results in the following:

\"SELECT orders_id, customers_id, customers_name, customers_company, 
customers_street_address, customers_suburb, customers_city, 
customers_postcode, customers_state, customers_country, customers_telephone, 
customers_email_address, customers_address_format_id, delivery_name, 
delivery_company, delivery_street_address, delivery_suburb, delivery_city, 
delivery_postcode, delivery_state, delivery_country, 
delivery_address_format_id, billing_name, billing_company, 
billing_street_address, billing_suburb, billing_city, billing_postcode, 
billing_state, billing_country, billing_address_format_id, payment_method, 
cc_type, cc_owner, cc_number, cc_expires, last_modified, date_purchased, 
orders_status, orders_date_finished, currency, currency_value FROM orders 
where ((date_purchased >= 18991230 and last_modified is null) or 
last_modified >= 18991230 ) and orders_status in (1,2,3) and%2~n~

I do not understand why the value of the sql parameter is truncated. Any 
help is appreciated!!

Thanks in advance! 



___________________________________________________________
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
