We have Java code that creates a GET request using logic such as:
String getReq = "&aParam=" + URLEncoder.encode("valueWithSubstring", "UTF-8");
Then our PHP based reporting system reads this and tries to filter for certain values. The problem is that for whatever reason in some cases they seem to pass through when they shouldn't. The PHP filtering code at it's most basic is:
if(strpos($_GET['aParam'], 'substringToFilter') !== false)
die();
But for whatever reason the substringToFilter doesn't seem to filter the requests...