0

I have URL like this:

https://domain.com/myscript.php?par=<div>x12.l3 sdfa <div>

But when I make

var_dump($_REQUEST);

at start of my PHP script the parameter isn't listed (key "par" doesn't appear).

The value of par, is some html data including not escaped tags and spaces. Can this be the reason that par doesn't appear in var_dump ?

But when I run exactly the same script with same parameter in localhost:

https://localhost/myscript.php?par=<div>x12.l3 sdfa <div>

it works well.

I compared with tool both urls starting at "myscript.php", they match. So why I don't get the parameter on the server but in localhost?

Is maybe related to PHP configuration? It's the only thing I can think about that could be different.

Thanks in advance.

Improve this question
0

3 Answers 3

Reset to default
1

If you are using this script on a shared hosting server, or a server that someone else configured, then it is likely that there are some security measures in place to protect against GET variables such as the one you posted.

Measures could include mod_security, applicative firewalls and others.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Yes, it was different configuration of the server. In this specific case, allowed length of GET parameters (or URL, not sure).

Improve this answer

Comments

0

change https://domain.com/myscript.php?par=<div>x12.l3 sdfa <div> to https://domain.com/myscript.php?$par=<div>x12.l3 sdfa <div>

but $ before par. hope this works :)

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.