I'm trying to submit HTML/PHP code through an HTML form and then insert it into a MySQL database. I've got the following code so far (without the insert-into-database query), however when I submit the form I get pushed through to my 403 page. If I comment out the textarea that contains the code I am trying to submit, then it goes through fine.
Any ideas?
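<?php
// Work out which record type ($optone: 1 = Theory, 2 = Demo) and which module
// number ($opttwo) the request refers to. Both values arrive from the browser
// and are later concatenated into SQL and echoed into the page, so they are
// reduced to integers here: an integer cannot carry SQL or HTML syntax.
if (isset($_POST['optone'], $_POST['opttwo'])) {
    // Selector form: the two <select> boxes.
    $optone = (int) $_POST['optone'];
    $opttwo = (int) $_POST['opttwo'];
}
if (isset($_POST['type'], $_POST['module'])) {
    // Edit form: the "type" and "module" text fields. They are marked
    // read-only in the markup, but that is only a browser hint; the posted
    // values are still fully client-controlled.
    if ($_POST['type'] == 'Theory') { $optone = 1; }
    if ($_POST['type'] == 'Demo')   { $optone = 2; }
    $opttwo = (int) $_POST['module'];
}
?>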
<h3>Module administration</h3>
<script>
/**
 * Rebuild the second drop-down (document.myform.opttwo) for the chosen type.
 *
 *   chosen == " "         -> one placeholder entry, Go button disabled
 *   chosen == "1" or "2"  -> "Module 1" .. "Module 10", Go button enabled
 *   anything else         -> list left empty, Go button left untouched
 *
 * The disabled Go button is a browser-side convenience only. It does not stop
 * a request from being sent, so the server still has to validate both fields.
 */
function setOptions(chosen) {
  var form = document.myform;
  var moduleList = form.opttwo;
  var append = function (label, value) {
    moduleList.options[moduleList.options.length] = new Option(label, value);
  };

  // Start from an empty list on every change.
  moduleList.options.length = 0;

  if (chosen == " ") {
    append('Please select an option first', ' ');
    form.go.disabled = true;
  }

  // Theory ("1") and Demo ("2") currently offer the same ten modules.
  if (chosen == "1" || chosen == "2") {
    for (var n = 1; n <= 10; n++) {
      append('Module ' + n, String(n));
    }
    form.go.disabled = false;
  }
}
</script>
<?php
// Selector form: pick a record type (Theory/Demo), then a module number.
// The second list and the Go button are driven by setOptions() in the browser;
// the posted optone/opttwo values must still be validated on the server.
// NOTE(review): no anti-CSRF token is visible in this form; confirm whether
// one is enforced elsewhere before relying on it for an admin action.
?>
<br>
<center>
  <form name="myform" method="post">
    Edit:
    <select id="optone" name="optone" size="1" onchange="setOptions(this.options[this.selectedIndex].value);">
      <option value=" ">--Choose--</option>
      <option value="1">Theory</option>
      <option value="2">Demo</option>
    </select>
    <select name="opttwo" size="1">
      <option value=" " selected>Please select an option first</option>
    </select>
    <input type="submit" name="go" id="go" value="Go" disabled>
  </form>
</center>
<br><br>
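<?php
// Edit panel for one module. Runs only once a module number is known.
if (isset($opttwo)) {
    // $optone/$opttwo originate from $_POST (directly, or through the
    // read-only "type"/"module" fields), so they are reduced to integers
    // before being placed in SQL or echoed into the page.
    $typeId   = isset($optone) ? (int) $optone : 0;
    $moduleId = (int) $opttwo;

    // NOTE(review): the mysql_* extension is deprecated and was removed in
    // PHP 7. Prepared statements through mysqli or PDO are the durable fix;
    // the connection is opened outside this snippet, so only the inputs are
    // hardened here.
    $query = null;
    if ($typeId === 1) {
        $query    = "SELECT info,userscompleted,last_user,enabled FROM theorydata WHERE TheoryID=" . $moduleId;
        $typestr  = 'Theory';
        $texthelp = 'Code must be entered in HTML';
    }
    if ($typeId === 2) {
        $query    = "SELECT info,userscompleted,last_user,enabled FROM demodata WHERE DemoID=" . $moduleId;
        $typestr  = 'Demo';
        $texthelp = 'Code must be entered in PHP';
    }

    // NOTE(review): die(mysql_error()) prints raw database errors to the
    // browser; prefer logging them server-side and showing a generic message.
    $row  = false;
    $row2 = false;
    if ($query !== null) {
        $result = mysql_query($query) or die(mysql_error());
        $row    = mysql_fetch_array($result);
    }
    if ($row) {
        // last_user is read back from the database, but it is still cast so
        // that an empty or unexpected value cannot break the statement.
        $query2  = "SELECT full_name FROM users WHERE id=" . (int) $row['last_user'];
        $result2 = mysql_query($query2) or die(mysql_error());
        $row2    = mysql_fetch_array($result2);
    }

    if (!$row) {
        // Unknown type or module number: report it instead of building the
        // follow-up query from an empty result.
        echo '<p>No matching module found.</p>';
    } else {
        $lastUserName = $row2 ? $row2['full_name'] : '';

        // Every value written into an attribute below is HTML-escaped:
        // full_name and userscompleted are stored data, and stored data can
        // contain markup just as request data can.
        // NOTE(review): no anti-CSRF token and no authorization check are
        // visible in this snippet. Presumably the Demo code saved through this
        // form is executed later (not shown); if so, whoever can submit this
        // form effectively controls server-side code. Confirm both controls.
        // NOTE(review): when the save query is written, bind info,
        // userscompleted and enabled as parameters rather than concatenating.
?>
<form method="post">
<table>
<tr>
<td align='center'>
Type:
</td>
<td>
<input type="text" name="type" readonly value="<?php echo htmlspecialchars($typestr, ENT_QUOTES); ?>">
</td>
</tr>
<tr>
<td align='center'>
Module:
</td>
<td>
<input type="text" name="module" readonly value="<?php echo $moduleId; ?>">
</td>
</tr>
<tr>
<td align='center'>
Enabled?
</td>
<td>
<select name="enabled">
<option value="yes" <?php if ($row['enabled'] == '1') { echo "selected='selected'"; } ?>>Yes</option>
<option value="no" <?php if ($row['enabled'] == '0') { echo "selected='selected'"; } ?>>No</option>
</select>
</td>
</tr>
<tr>
<td align='center'>
Code:
</td>
<td>
<center><font color='red'><?php echo $texthelp; ?></font></center>
<?php
        // NOTE(review): a 403 that appears only when this field is submitted
        // looks like a web application firewall rule (for example ModSecurity)
        // matching the HTML/PHP in the POST body. Confirm in the server's
        // error/audit log, and prefer a narrowly scoped exception for this
        // authenticated admin endpoint over disabling the rule site-wide.
?>
<textarea name="info" rows="35" cols="80"><?php echo htmlentities($row['info']); ?></textarea>
</td>
</tr>
<tr>
<td align='center'>
Users completed:
</td>
<td>
<input type="text" name="userscompleted" value="<?php echo htmlspecialchars($row['userscompleted'], ENT_QUOTES); ?>" size="4">
</td>
</tr>
<tr>
<td align='center'>
Last user:
</td>
<td>
<input type="text" name="last_user" readonly value="<?php echo htmlspecialchars($lastUserName, ENT_QUOTES); ?>">
</td>
</tr>
<tr>
<td></td>
<td align='center'>
<input type="submit" value="Edit">
</td>
</tr>
</table>
</form>
<?php
    } // close if ($row)
} // close isset($opttwo)
?>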