> https://www.xxx.co.uk/register.php"| grep "123"
I wonder what kind of browser could make this, probably a hacker-made one! This URL will have to be translated into its equivalent URI, if using GET the HTTP message's start line would look like: GET /register.php"| grep "123" HTTP/1.1 First of all, the HTTP protocol states that the start line should contain: METHOD <one or more spaces> URI <one or more spaces> HTTP/1.1 So, this is clearly violated as there are two spaces surrounding grep, i believe if the server has trouble with this request, it's not yet at the PHP level... it's an HTTP issue, clearly server related. You wont detect this with PHP, and if you do detect anything, it means your server has modified it so you could... for example, in this case it might convert the whole "| grep "123" into a single get argument's name, it could be simply removed/ignored, the server could try to see if there is a file named `/register.php"| grep "123"` and returns a 404... but the only acceptable behavior in this case is for the server to return 400 (read http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1). Good luck! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php