MrLoefjo Posted June 22, 2011 Share Posted June 22, 2011 Heya. I have a problem with access to my database. When selecting data from tables blog, or blogcomment it works fine, but when i try to insert a new comment to a blog topic via a form it says 403 access forbidden. Here is a code from a file that contains comment adding option. <?php require("config.php"); if(isset($_GET['id']) == TRUE) { if(is_numeric($_GET['id']) == FALSE) { $error = 1; } if($error == 1) { header("Location: " . $config_basedir); } else { $validentry = $_GET['id']; } } else { $validentry = 0; } if($_POST['submit']) { $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbdatabase, $db); $sql = "INSERT INTO blogcomment(blog_id, Date, Username, Comment) VALUES(" . $validentry . ", NOW(), '" . $_POST['name'] . "', '" . $_POST['comment'] . "');"; mysql_query($sql); header("Location: http://" . $HTTP_HOST . $SCRIPT_NAME . "?id=" . $validentry); } else { // code will go here } require("header.php"); if($validentry == 0) { $sql = "SELECT blog.* FROM blog ". "ORDER BY Date DESC ". "LIMIT 1;"; } else { $sql = "SELECT blog.* FROM blog WHERE blog.id = $validentry ORDER BY Date ASC LIMIT 1"; } $result = mysql_query($sql); $row = mysql_fetch_assoc($result); echo "<h2>" . $row['Title'] . "</h2><br />"; echo "</a> - Posted on " . date("D jS F Y g.iA", strtotime($row['Date'])) ."</i>"; echo "<p>"; echo nl2br($row['Entry']); echo "</p>"; $commsql = "SELECT blogcomment.* FROM blogcomment WHERE blogcomment.blog_id = $validentry ORDER BY Date DESC"; $commresult = mysql_query($commsql); $numrows_comm = mysql_num_rows($commresult); $numrows_comm = mysql_num_rows($commresult); if($numrows_comm == 0) { echo "<p>No comments.</p>"; } else { $i = 1; while($commrow = mysql_fetch_assoc($commresult)) { echo "<a name='comment" . $i . "'>"; echo "<h3>Comment by " . $commrow['Username'] . " on " . date("D jS F Y g.iA", strtotime($commrow['Date'])) . "</h3>"; echo $commrow['Comment']; $i++; } } ?> <h3>Leave a comment</h3> <form action="<?php echo $SCRIPT_NAME . "?id=" . $validentry; ?>" method="post"> <table> <tr> <td>Your name</td> <td><input type="text" name="name"></td> </tr> <tr> <td>Comments</td> <td><textarea name="comment" rows="10" cols="50"></textarea></td> </tr> <tr> <td></td> <td><input type="submit" name="submit" value="Add comment"></td> </tr> </table> </form> <?php require("footer.php"); ?> Any help would be appreciated. Quote Link to comment https://forums.phpfreaks.com/topic/240097-problem-inserting-data-into-mysql-database/ Share on other sites More sharing options...
TeNDoLLA Posted June 22, 2011 Share Posted June 22, 2011 Have you checked if the data is inserted after all to db? Could be that you are redirecting after insert to a path where you have no rights to be which could cause a 403 error. Quote Link to comment https://forums.phpfreaks.com/topic/240097-problem-inserting-data-into-mysql-database/#findComment-1233272 Share on other sites More sharing options...
MrLoefjo Posted June 22, 2011 Author Share Posted June 22, 2011 No, it is not inserted. Quote Link to comment https://forums.phpfreaks.com/topic/240097-problem-inserting-data-into-mysql-database/#findComment-1233289 Share on other sites More sharing options...
TeNDoLLA Posted June 22, 2011 Share Posted June 22, 2011 Try echoing out the query u try to run and see if the result is as you expect it to be? Maybe add some more echoes or die('Some error') calls in to your code to debug, where the problem lies. Might be also good idea to comment out during testing the redirects so you will actually see the errors (assuming you have error reporting on). Quote Link to comment https://forums.phpfreaks.com/topic/240097-problem-inserting-data-into-mysql-database/#findComment-1233296 Share on other sites More sharing options...
MrLoefjo Posted June 23, 2011 Author Share Posted June 23, 2011 I tried running a simple insert query without any variables, just static data, after pushing the submit button, and it still returns 403 error. But what's interesting, when i try to run it in firefox ( normally i use chrome ), it gives me 404 error instead. Also this appears in my browser field after running the code, although i don't think it is connected to this particular problem: http://localhost/webcomic/%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20variable:%20SCRIPT_NAME%20in%20%3Cb%3EC:%5Cxampp%5Chtdocs%5CWebcomic%5Cviewentry.php%3C/b%3E%20on%20line%20%3Cb%3E81%3C/b%3E%3Cbr%20/%3E?id=2 Quote Link to comment https://forums.phpfreaks.com/topic/240097-problem-inserting-data-into-mysql-database/#findComment-1234056 Share on other sites More sharing options...
boompa Posted June 23, 2011 Share Posted June 23, 2011 If you have a query you're creating from user-entered data, and it's failing, then check for failure when you query and print it. $sql = "INSERT INTO blogcomment(blog_id, Date, Username, Comment) VALUES(" . $validentry . ", NOW(), '" . $_POST['name'] . "', '" . $_POST['comment'] . "');"; if (!mysql_query($sql)) { die("query failed: $sql " . mysql_error()); } Also spend some time on the net googling "SQL Injection" before your database gets pwn3d. Quote Link to comment https://forums.phpfreaks.com/topic/240097-problem-inserting-data-into-mysql-database/#findComment-1234087 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.