Entering $_POST into html form is causing 403 Forbidden error
Question
I have done comment section on my website:
<form method="post" name="dodawanieKomentarzy">
<div>Your Name:</div>
<div><input type="text" name="autor" required></div>
<div>Message:</div>
<div><textarea name="komentarz" required></textarea></div>
<div><input type="submit" value="Add comment" name="Dodaj"></div>
</form>
and PHP:
<?php
$pdo=new PDO('mysql:host=localhost;dbname=my_dbase_name',
'my_dbase_login','my_dbase_passw',[PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8mb4"]
);
if(isset($_POST['Dodaj'])) {
$data=strftime("%Y-%m-%d %X");
$pdo->prepare("INSERT INTO komentarze VALUES (NULL,?,?,?,'')")->execute([$data,$_POST['autor'],$_POST['komentarz']]);
};
?>
Everything works (I can insert normal text (for example :'This is comment'), but when I insert for example: '$_POST' to text field, I've got 403 Forbidden error. I don't see what is wrong with the code, so I would appreciate if you could help me out.
2 answers
solution1
0
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDBPDO";
if(isset($_POST['Dodaj'])) {
try {
$pdo=new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$data=strftime("%Y-%m-%d %X");
$author = $_POST['autor'];
$komentarz = $_POST['komentarz'];
$insert_query = $pdo->prepare("INSERT INTO komentarze (`autor`,`komentarz`) VALUES ('".$author."', '".$komentarz."' )");
$insert_query->execute();
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $insert_query . "<br>" . $e->getMessage();
}
}
?>
I hope this will work for you
solution2
-1 2016-10-14 11:15:42
You can try with variable like: $author= $_POST['autor']; $text = $_POST['komentarz']; $author= $_POST['autor']; $text = $_POST['komentarz']; then use $author and $text both to your query.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.