Home/ Questions/Q 8897437
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T00:20:37+00:00

so i got a site (didnt develop it), where you have urls like this:

  • 0

so i got a site (didnt develop it), where you have urls like this:

http://mysite.com/profile-user/profile/nameOfUser

it’s a site develop with Zend, i already dont like the url config, i think it’s verbose but that’s not the real problem anyway.

if i do this:

http://mysite.com/profile-user/profile/'

adding a single quote to the user name, i get a bunch of zend error messages:

Exception information:

        Message: Mysqli prepare error: You have an error in your SQL syntax;
     check the manual that corresponds to your MySQL server version for the
 right syntax to use near '''') LIMIT 1' at line 1
        Stack trace:

then follows the stacktrace

then

Request Parameters:

    array (
      'profil' => '\'',
      'module' => 'default',
      'controller' => 'journalentrepreneur',
      'action' => 'index',
      'tab' => 'profil',
    )

what is that supposed to mean ?

thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This means that the site’s URL is causing a query to be sent directly to the MySQL database, which is – from a security standpoint – dangerous at best! Look up SQL Injection if you’re not sure what I am referring to.

    It looks like rather than the Zend framework, you need to look at the coding of the site itself – how is the URL structure built?

    You haven’t said much about the config of the site, but assuming it is on an Apache server, look at the rewrite rules and the PHP files that it refers to – you’ll need to include some example code here to enable us to help you more. Either way, you will need to do some work to properly secure the site before you’re finished, so be careful!

    • 0