ilikephp Posted May 9, 2010 Share Posted May 9, 2010 Hi, I have a php search script, when I click on the search, I am getting: 403 Forbidden You don't have permission to access /soft/< on this server How can I fix it plz? Thx in advance... Link to comment https://forums.phpfreaks.com/topic/201179-403-forbidden/ Share on other sites More sharing options...
ilikephp Posted May 9, 2010 Author Share Posted May 9, 2010 I think that: "<?=$PHP_SELF?>"> is the problem can it be fixed? <form name="search" method="post" action="<?=$PHP_SELF?>"> Link to comment https://forums.phpfreaks.com/topic/201179-403-forbidden/#findComment-1055492 Share on other sites More sharing options...
kenrbnsn Posted May 9, 2010 Share Posted May 9, 2010 Using $PHP_SELF worked when register_globals was enabled by default. This hasn't been the case for over 5 years. Just make the action null and it will post back to the calling script: <form name="search" method="post" action=""> Also the construct "<?=" will only work if short tags are enabled. Don't use it, use the "echo" statement instead. Ken Link to comment https://forums.phpfreaks.com/topic/201179-403-forbidden/#findComment-1055498 Share on other sites More sharing options...
ilikephp Posted May 9, 2010 Author Share Posted May 9, 2010 This is my code, now when I click on the search button, the forbidden will not be displayed but now My page is reopened again, and the search code is not generated. <h2>Search</h2> <form name="search" method="post" action=""> Seach for: <input type="text" name="find" /> in <Select NAME="field"> <Option VALUE="fname">First Name</option> <Option VALUE="lname">Last Name</option> <Option VALUE="info">Profile</option> </Select> <input type="hidden" name="searching" value="yes" /> <input type="submit" name="search" value="Search" /> </form> <? //This is only displayed if they have submitted the form if ($searching =="yes") { echo "<h2>Results</h2><p>"; //If they did not enter a search term we give them an error if ($find == "") { echo "<p>You forgot to enter a search term"; exit; } // Otherwise we connect to our Database mysql_connect("localhost", "root", "123456") or die(mysql_error()); mysql_select_db("par") or die(mysql_error()); // We preform a bit of filtering $find = strtoupper($find); $find = strip_tags($find); $find = trim ($find); //Now we search for our search term, in the field the user specified $data = mysql_query("SELECT * FROM users WHERE upper($field) LIKE'%$find%'"); //And we display the results while($result = mysql_fetch_array( $data )) { echo $result['fname']; echo " "; echo $result['lname']; echo "<br>"; echo $result['info']; echo "<br>"; echo "<br>"; } //This counts the number or results - and if there wasn't any it gives them a little message explaining that $anymatches=mysql_num_rows($data); if ($anymatches == 0) { echo "Sorry, but we can not find an entry to match your query<br><br>"; } //And we remind them what they searched for echo "<b>Searched For:</b> " .$find; } ?> Link to comment https://forums.phpfreaks.com/topic/201179-403-forbidden/#findComment-1055503 Share on other sites More sharing options...
kenrbnsn Posted May 9, 2010 Share Posted May 9, 2010 You are still relying on register_globals being enabled. you need to explicitly get the values from the $_POST super global array: <h2>Search</h2> <form name="search" method="post" action=""> Seach for: <input type="text" name="find" /> in <Select NAME="field"> <Option VALUE="fname">First Name</option> <Option VALUE="lname">Last Name</option> <Option VALUE="info">Profile</option> </Select> <input type="hidden" name="searching" value="yes" /> <input type="submit" name="search" value="Search" /> </form> <?php //This is only displayed if they have submitted the form if ($_POST['searching'] =="yes") { echo "<h2>Results</h2><p>"; //If they did not enter a search term we give them an error if ($_POST['find'] == "") { echo "<p>You forgot to enter a search term"; exit; } // Otherwise we connect to our Database mysql_connect("localhost", "xxxx", "xxxxx") or die(mysql_error()); mysql_select_db("par") or die(mysql_error()); // We preform a bit of filtering $find = strtoupper(strip_tags($trim($_POST['find']))); //Now we search for our search term, in the field the user specified $data = mysql_query("SELECT * FROM users WHERE upper({$_POST['field']}) LIKE'%$find%'"); //And we display the results while($result = mysql_fetch_array( $data )) { echo $result['fname']; echo " "; echo $result['lname']; echo "<br>"; echo $result['info']; echo "<br>"; echo "<br>"; } //This counts the number or results - and if there wasn't any it gives them a little message explaining that $anymatches=mysql_num_rows($data); if ($anymatches == 0) { echo "Sorry, but we can not find an entry to match your query<br><br>"; } //And we remind them what they searched for echo "<b>Searched For:</b> " .$find; } ?> Ken Link to comment https://forums.phpfreaks.com/topic/201179-403-forbidden/#findComment-1055508 Share on other sites More sharing options...
ilikephp Posted May 9, 2010 Author Share Posted May 9, 2010 thanks for your help... When I click on search I am getting: Notice: Undefined variable: trim in C:\www\Prog\search.php on line 28 Fatal error: Function name must be a string in C:\www\Prog\search.php on line 28 Which is: // We preform a bit of filtering $find = strtoupper(strip_tags($trim($_POST['find']))); Link to comment https://forums.phpfreaks.com/topic/201179-403-forbidden/#findComment-1055511 Share on other sites More sharing options...
kenrbnsn Posted May 9, 2010 Share Posted May 9, 2010 Sorry, It's trim not $trim. Ken Link to comment https://forums.phpfreaks.com/topic/201179-403-forbidden/#findComment-1055513 Share on other sites More sharing options...
ilikephp Posted May 9, 2010 Author Share Posted May 9, 2010 GREAT IT WORKS Still have one prob, when I press F12 to check my page I get this error: Notice: Undefined index: searching in C:\www\Prog\search.php on line 14 //This is only displayed if they have submitted the form if ($_POST['searching'] =="yes") { Link to comment https://forums.phpfreaks.com/topic/201179-403-forbidden/#findComment-1055515 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.