4

So... I have the following code which is very simple:

<?php echo $_GET["base_grant_url"] ?>

Currently, this is just for testing. I am having problems though... when the following URLs tested with:

http://localhost/?base_grant_url=htt%3A%2F%2Fn00.test.com
http://localhost/?base_grant_url=http%3A%2F%2Fn00

The parameter is printed properly. Notice the missing "p" in the first and no "." characters in the parameter in the second. When the following 2 URLs are passed:

http://localhost/?base_grant_url=http%3A%2F%2Fn00.test.com
http://localhost/?base_grant_url=http%3A%2F%2Fn00.

Both of these addresses print back absolutely nothing... it took me quite a while to narrow my problem down to this as this is a small part of a larger scenario but this is what I am currently trying to correct. Why am I unable to get the parameters when they are incorrect but when they have HTTP and a "." character in them... the $_GET function fails? Is there some common convention I am missing or some simple fix to this problem?

EDIT: So after testing on a local test server it works fine. I will be contacting my hosting provider to try and find the issue.

as for the output for print_r... here is the code and output:

CODE:

echo "Base Grant URL = ";
echo $_GET["base_grant_url"];
echo " -=- GET = ";
print_r($_GET);

Test 1 (no "." in parameter also this works if http is not in parameter):

URL: http://testserver.com/?base_grant_url=https%3A%2F%2Fexamplecom%2Fsplash%2Flogin%2F%3Fmauth%3DABCDEFG123456
OUTPUT: Base Grant URL = https://examplecom/splash/login/?mauth=ABCDEFG123456 -=- GET = Array ( [base_grant_url] => https://examplecom/splash/login/?mauth=ABCDEFG123456 )

Test 2 (with proper URL):

URL: http://testserver.com/?base_grant_url=https%3A%2F%2Fexample.com%2Fsplash%2Flogin%2F%3Fmauth%3DABCDEFG123456
OUTPUT: Base Grant URL = -=- GET = Array ( )
Improve this question
9
  • Working fine for me, may be some sever issue Commented Feb 14, 2013 at 7:14
  • it works perfect... no issue in getting the base_grant_url value... Commented Feb 14, 2013 at 7:21
  • It works fine. I hope you're using the right URL. For example if you wrote that in test.php you use http://localhost/test.php?base_grant_url=htt%3A%2F%2Fn00.test.com Commented Feb 14, 2013 at 9:23
  • Have you got a RewriteRule that might strip possibly dangerous Query strings or supposedly protects against injections? Commented Feb 14, 2013 at 11:22
  • 1
    This is not a solution to empty $_GET but why you don't encode URL with something like base64_encode/decode? Commented Feb 18, 2013 at 6:30

1 Answer 1

Reset to default
1

I had the same issue and it was my website hosting company that had some mod security rules enabled on the server to protect against what they call "Generic PHP code injections". Not sure I agree that there is a risk, but they disabled it and my scripts started working.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.