Special characters won't go through

Discussion in 'PHP' started by x0x, Sep 1, 2008.

  1. #1
    I have some weird stuff here. On my local WAMP server characters like ö ä ü õ ¤ go through (when posting on my site or whatever) but on the production server they won't go through. It worked before, I think, but the script was modified seriously and I don't really know where to look.

    Here is some of the filter stuff:

    if (count($HTTP_GET_VARS) > 0) {
        foreach ($_GET as $name => $value) {
            if (is_array($value)) {
                ${$name} = $value;
            } else {
                ${$name} = htmlentities($value, ENT_QUOTES, "UTF-8");
            }
        }
    }

    if (count($HTTP_POST_VARS) > 0) {
        foreach ($_POST as $name => $value) {
            if (is_array($value)) {
                ${$name} = $value;
            } else {
                ${$name} = htmlentities($value, ENT_QUOTES, "UTF-8");
            }
        }
    }

    if (count($HTTP_COOKIE_VARS) > 0) {
        foreach ($_COOKIE as $name => $value) {
            if (is_array($value)) {
                ${$name} = $value;
            } else {
                ${$name} = htmlentities($value, ENT_QUOTES, "UTF-8");
            }
        }
    }
    PHP:
    Maybe that's the cause.


    Anyway, opinions, recommendations?
     
    x0x, Sep 1, 2008
  2. Pos1tron

    #2
    At a guess, try comparing phpinfo() between the two servers. Might be something in there.
     
    Pos1tron, Sep 1, 2008
  3. Ilyes

    #3
    Check the PHP version.
    Also check the system; Windows is not like other systems, so what system do you use, and what does your hosting service use?
     
    Ilyes, Sep 2, 2008
  4. nico_swd

    #4
    Why on earth are you still using $HTTP_*_VARS? They've been deprecated for 7 years now lol.
     
    nico_swd, Sep 2, 2008
  5. x0x

    #5
    What should I use then?

    My script works with register_globals ON so it's probably still vulnerable. For example, if I type ' DELETE * FROM users behind the address in the address bar it will give me a lot of MySQL errors, like:
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DELETE * FROM USERS_realtablenamegoeshere
    Code (markup):
    I have the errors turned off but it still displayed some and it's possible to get the user and db name...
    I have had several guys go over it and they didn't know how to prevent this but they also said it's safe.... Nothing has happened so far.
    EDIT: I wrote that because on the local win server IT DOES NOT HAPPEN but on the linux one it does what I said above. Why why lol :(

    I have a dedicated server and it uses Linux. PHP 5 and MySQL 4 on both of the servers (local Windows WAMP server and the Linux production server).
    Can it be something in php.ini?


    Thanks for the replies.
     
    x0x, Sep 2, 2008
  6. Ilyes

    #6
    I think the problem is that Windows is not like Linux. These characters will work in Windows only.
    We are still searching for a solution...
     
    Ilyes, Sep 2, 2008
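
On the "What should I use then?" question in post #5, an added example (not code from any poster in this thread): read each parameter explicitly from the request array, bind it in a prepared statement, and HTML-escape only on output. It assumes PHP 7.1+ with the mbstring and pdo_sqlite extensions and a source file saved as UTF-8; the in-memory SQLite database, the users table, the helper names and the sample values are constructed stand-ins for the poster's MySQL setup.

```php
<?php
// Added example (not from the thread). Table name, helper names and sample
// values are constructed; SQLite in memory stands in for the MySQL server.

// Read one named parameter explicitly instead of extracting every request
// key into a global variable, and reject bytes that are not valid UTF-8.
function request_string(array $source, string $key): ?string
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    $value = $source[$key];
    return mb_check_encoding($value, 'UTF-8') ? $value : null;
}

// Escape only at output time, so stored data keeps its raw characters.
function html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed request data: one value with special characters, one with the
// quote-plus-SQL text from post #5, one that is not valid UTF-8 (Latin-1 "ö").
$samples = [
    ['name' => "Jörg õ ¤"],
    ['name' => "' DELETE * FROM users"],
    ['name' => "J\xF6rg"],
];

$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($samples as $fakeGet) {
    $name = request_string($fakeGet, 'name');
    if ($name === null) {
        echo "rejected: missing or not valid UTF-8\n";
        continue;
    }
    // The value is bound as data, so the quote cannot change the statement.
    $insert->execute([':name' => $name]);
}

foreach ($pdo->query('SELECT name FROM users ORDER BY id') as $row) {
    echo html($row['name']), "\n";
}
```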