某些带有括号的字符串会导致Ajax POST操作失败，并显示403错误（禁止）

Question

When attempting to add an entry to a database via a form submission using Ajax, certain strings containing parenthesis will cause the POST operation to fail, but not in a consistent way.

The relevant POST operation looks like this:

$.ajax(
{
  type: "POST",
  url: "SubmitAnswer.php",
  data: datastring,
  dataType: "json",
  cache: false,
  success: function(data)
  {
    ...
  }
}

The datastring contains a bunch of stuff including a string containing a mathematical expression. If that string contains parenthesis, in certain very specific cases, it will cause the POST operation to fail with a 403 error when the Submit button is clicked.

Here are some examples of mathematical expression strings that cause a problem:

(A-B)*C
(A*B)*(C*D)

Here are some examples of mathematical expression strings that do NOT cause a problem:

(A+B)*C
A*(B-C)
(A*B)+(C*D)

It's almost as though certain permutations trip some kind of "protection" flag preventing them from being posted to the database? Or some kind of bizarre parsing error?

Answer 1

Doesn't look like you are correctly encoding the keys and / or values in datastring for use in an application/x-www-form-urlencoded request payload.

My advice, let jQuery do the encoding by passing an object, eg

$.ajax({
  method: 'POST',
  url: 'SubmitAnswer.php',
  dataType: 'json',
  data: {
    edition_id: edition_id,
    nickname: nickname,
    answer: answer,
    email_address: email_address
  }
})

Answer 2

Ok, so following Phil's advice, I checked the server logs to get more information on the 403 error those very specific strings were causing and the problem has to do with those strings being "seen" as SQL injection attacks by a security mechanism on the server. I'll post a new question on how that can be addressed (apparently there is an exception list that you can configure) as that is a very different question than the original.