
403 Forbidden


ilikephp


Using $PHP_SELF worked when register_globals was enabled by default. This hasn't been the case for over 5 years. Just make the action null and it will post back to the calling script:

<form name="search" method="post" action="">

 

Also the construct "<?=" will only work if short tags are enabled. Don't use it, use the "echo" statement instead.

 

Ken

Link to comment
https://forums.phpfreaks.com/topic/201179-403-forbidden/#findComment-1055498

This is my code. Now when I click on the search button, the forbidden will not be displayed, but now my page is reopened again, and the search code is not generated.

 

<h2>Search</h2>  
<form name="search" method="post" action=""> 
Search for: <input type="text" name="find" /> in  
<Select NAME="field"> 
<Option VALUE="fname">First Name</option> 
<Option VALUE="lname">Last Name</option> 
<Option VALUE="info">Profile</option> </Select> 

<input type="hidden" name="searching" value="yes" /> 
<input type="submit" name="search" value="Search" /> </form>




<?  //This is only displayed if they have submitted the form  
if ($searching =="yes")  
{  
echo "<h2>Results</h2><p>";   
//If they did not enter a search term we give them an error  
if ($find == "")  
{  
echo "<p>You forgot to enter a search term";  exit;  
}   

// Otherwise we connect to our Database  
mysql_connect("localhost", "root", "123456") or die(mysql_error());  
mysql_select_db("par") or die(mysql_error());   

// We perform a bit of filtering  
$find = strtoupper($find);  
$find = strip_tags($find);  
$find = trim ($find);   

//Now we search for our search term, in the field the user specified  
$data = mysql_query("SELECT * FROM users WHERE upper($field) LIKE'%$find%'");   

//And we display the results  
while($result = mysql_fetch_array( $data ))  
{  
echo $result['fname'];  
echo " ";  
echo $result['lname'];  
echo "<br>";  
echo $result['info'];  
echo "<br>";  
echo "<br>";  
}   
//This counts the number of results - and if there weren't any it gives them a little message explaining that
$anymatches=mysql_num_rows($data);  
if ($anymatches == 0)  
{  
echo "Sorry, but we can not find an entry to match your query<br><br>";  
}   
//And we remind them what they searched for  
echo "<b>Searched For:</b> " .$find;  
}  
?>

Link to comment
https://forums.phpfreaks.com/topic/201179-403-forbidden/#findComment-1055503

You are still relying on register_globals being enabled. You need to explicitly get the values from the $_POST superglobal array:

<h2>Search</h2>  
<form name="search" method="post" action=""> 
Search for: <input type="text" name="find" /> in  
<Select NAME="field"> 
<Option VALUE="fname">First Name</option> 
<Option VALUE="lname">Last Name</option> 
<Option VALUE="info">Profile</option> </Select> 

<input type="hidden" name="searching" value="yes" /> 
<input type="submit" name="search" value="Search" /> </form>




<?php  //This is only displayed if they have submitted the form  
if ($_POST['searching'] =="yes")  
{  
echo "<h2>Results</h2><p>";   
//If they did not enter a search term we give them an error  
if ($_POST['find'] == "")  
{  
echo "<p>You forgot to enter a search term";  exit;  
}   

// Otherwise we connect to our Database  
mysql_connect("localhost", "xxxx", "xxxxx") or die(mysql_error());  
mysql_select_db("par") or die(mysql_error());   

// We perform a bit of filtering  
$find = strtoupper(strip_tags($trim($_POST['find'])));

//Now we search for our search term, in the field the user specified  
$data = mysql_query("SELECT * FROM users WHERE upper({$_POST['field']}) LIKE'%$find%'");   

//And we display the results  
while($result = mysql_fetch_array( $data ))  
{  
echo $result['fname'];  
echo " ";  
echo $result['lname'];  
echo "<br>";  
echo $result['info'];  
echo "<br>";  
echo "<br>";  
}   
//This counts the number of results - and if there weren't any it gives them a little message explaining that
$anymatches=mysql_num_rows($data);  
if ($anymatches == 0)  
{  
echo "Sorry, but we can not find an entry to match your query<br><br>";  
}   
//And we remind them what they searched for  
echo "<b>Searched For:</b> " .$find;  
}  
?>

 

Ken

Link to comment
https://forums.phpfreaks.com/topic/201179-403-forbidden/#findComment-1055508

Thanks for your help...

 

When I click on search I am getting:

Notice: Undefined variable: trim in C:\www\Prog\search.php on line 28

 

Fatal error: Function name must be a string in C:\www\Prog\search.php on line 28

 

Which is:

// We perform a bit of filtering 

$find = strtoupper(strip_tags($trim($_POST['find']))); 

 

Link to comment
https://forums.phpfreaks.com/topic/201179-403-forbidden/#findComment-1055511
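
For reference, an added example (not code from any poster in this thread): the same search written with PDO, binding the search term as a parameter and checking the column name against an allow-list, because the handlers posted above interpolate the submitted field name and search term directly into the SQL string. The table and column names are the thread's; the in-memory SQLite database, sample rows and sample requests are constructed for the demo.

```php
<?php
// Added example, not from the thread. Table/column names (users, fname, lname,
// info) are the thread's; the SQLite database, rows and requests are constructed.
const SEARCHABLE = ['fname', 'lname', 'info'];   // allow-list for the column name

function searchUsers(PDO $pdo, array $post): array
{
    // Read the request array explicitly instead of relying on register_globals.
    $field = $post['field'] ?? '';
    $find  = trim($post['find'] ?? '');          // trim() is a function call, not $trim()

    // Identifiers cannot be bound as parameters, so accept only known columns.
    if ($find === '' || !in_array($field, SEARCHABLE, true)) {
        throw new InvalidArgumentException('bad search request');
    }

    // Escape LIKE wildcards so the term matches literally, then bind it.
    $like = '%' . addcslashes($find, '\\%_') . '%';
    $stmt = $pdo->prepare(
        "SELECT fname, lname, info FROM users
         WHERE upper($field) LIKE upper(:term) ESCAPE '\\'"
    );
    $stmt->execute([':term' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec("CREATE TABLE users (fname TEXT, lname TEXT, info TEXT)");
$pdo->exec("INSERT INTO users VALUES ('Ann', 'Lee', '<b>admin</b>'), ('Bob', 'O''Hara', '100% remote')");

// Constructed requests: two ordinary searches and one with a tampered field value.
$requests = [
    ['field' => 'lname', 'find' => "o'hara"],
    ['field' => 'info',  'find' => '100%'],
    ['field' => 'fname) OR (1=1', 'find' => 'x'],
];
foreach ($requests as $post) {
    try {
        foreach (searchUsers($pdo, $post) as $row) {
            // Encode on output; strip_tags() on the search term does not cover stored data.
            echo htmlspecialchars("{$row['fname']} {$row['lname']}: {$row['info']}", ENT_QUOTES, 'UTF-8'), "\n";
        }
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

On MySQL, backslash is already the default LIKE escape character, so the ESCAPE clause can be dropped there.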

Archived

This topic is now archived and is closed to further replies.
