Curious server & network issue.
peptobismol
12-29-2008, 08:46 PM
So I created a Flash-based app that queries the server by sending query strings into the PHP script via the LOADVARS, "POST", and it'll spit back XML data to the Flash...
The query string is the typical "SELECT A FROM B"... This works for the most part except in certain networks like my local university. So it works for some and not others... And the really weird part is it doesn't work in the university network when there is a WHERE condition like: "SELECT A FROM B WHERE c='d'"
Any insights into this craziness would be great...
Here it is, working or not working depending :/
http://livewellcollaborative.org/wiki/index.php/Special:AdvanceSearch
yell0wdart
12-29-2008, 09:05 PM
Are you building that SQL dynamically on your PHP page? I'm almost wondering if your school's firewall has some sort of blacklist that doesn't allow that sort of thing to execute if it sees it.
peptobismol
12-29-2008, 10:11 PM
Are you building that SQL dynamically on your PHP page? I'm almost wondering if your school's firewall has some sort of blacklist that doesn't allow that sort of thing to execute if it sees it.
The SQL statement is dynamic, yes..
Yeah.. I hope the firewall is not the case. It would suck otherwise. I'll do more testing..
Weird thing is a simple query without a condition is fine... Just when I throw in a WHERE. AND the query result is blocked to Flash.. Hmm. That gives me an idea on how to test this.. I'll build a regular HTML form to test this.
peptobismol
12-30-2008, 06:45 PM
Just did more tests..
and wow...
The university's network knows if I'm passing a string that's a query string...
I just did a simple post and echoed back the query string and it wouldn't even echo!
This is bad.
yell0wdart
12-30-2008, 09:12 PM
Yea, some university networks are ridiculously restrictive sometimes. If it's for a school project, maybe you could talk to your instructor to see if you can get some of those limitations lifted...
peptobismol
12-30-2008, 10:11 PM
This is for the university, kind of.
Oh well, I'll just break up the query and send it in parts to get around this problem.
mattb
01-16-2009, 10:40 PM
It isn't uncommon for webservers to block anything that looks like it may be SQL. Even stock installs of Fedora now have a security module incorporated into Apache that will instantly block any requests containing keywords such as SELECT, UPDATE, DELETE etc. This is to prevent SQL injection attacks.
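Added example (not code from this thread or from the poster's site): one way to keep SQL text out of the request entirely is to have the Flash client POST only a field name and a value, and let the PHP script build a parameterized query from an allowlist. The `pages` table, its columns, and the `search()`/`toXml()` helpers are hypothetical, and in-memory SQLite stands in for the real database.

```php
<?php
declare(strict_types=1);

// Added example; table, columns and helper names are hypothetical.
// Allowlist: client-facing field name => real column name.
const SEARCHABLE = ['title' => 'title', 'author' => 'author'];

// The client sends only a field name and a value; no SQL text crosses the network.
function search(PDO $db, array $params): array
{
    $field = $params['field'] ?? '';
    $value = $params['value'] ?? '';
    if (!is_string($field) || !is_string($value) || !array_key_exists($field, SEARCHABLE)) {
        throw new InvalidArgumentException('unknown search field');
    }
    // Column name comes from the allowlist; the value is bound, never concatenated.
    $column = SEARCHABLE[$field];
    $stmt = $db->prepare("SELECT title, author FROM pages WHERE $column = :value");
    $stmt->execute([':value' => $value]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Serialize rows as XML for the Flash client; XMLWriter escapes every value.
function toXml(array $rows): string
{
    $xml = new XMLWriter();
    $xml->openMemory();
    $xml->startElement('results');
    foreach ($rows as $row) {
        $xml->startElement('row');
        foreach ($row as $name => $text) {
            $xml->writeElement($name, (string) $text);
        }
        $xml->endElement();
    }
    $xml->endElement();
    return $xml->outputMemory();
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (title TEXT, author TEXT)");
$db->exec("INSERT INTO pages VALUES ('Home', 'alice'), ('FAQ', 'bob')");

// Stands in for $_POST as sent by LoadVars: field=author&value=alice
echo toXml(search($db, ['field' => 'author', 'value' => 'alice'])), "\n";
// A value containing a quote is compared as data and matches no row.
echo toXml(search($db, ['field' => 'author', 'value' => "O'Brien"])), "\n";
```

Because the request body then carries only `field=author&value=alice`, there are no SQL keywords for a filtering module to match, and the server no longer executes statements composed by the client.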