403 Forbidden when writing data to a form

4

I have a form field that allows HTML tags. If you insert the following line in the field and submit the form, it returns a 403 Forbidden error:

<span style="display: none">&nbsp;</span>

But if you insert the line with single quotation marks, the error no longer happens:

<span style='display: none"'>&nbsp;</span>

Does anyone know what's going on? It is not an error in how PHP handles the field, because I put a die("teste") before any use of $_POST and even then the error is returned for the first option.

UPDATE:

I changed the form's action to a PHP file that contains only the code below and it still returns 403 Forbidden. Does anyone have any idea what that might be?

<?php echo "teste"; ?>

UPDATE:

According to the technician, the error occurs because an anti-spam server lock is activated.

Rule 300076, antispam content.

Is there a way to get around this in PHP, or only by turning off the rule?

    
asked by anonymous 18.03.2014 / 13:19

3 answers

1

Try using the htmlspecialchars function:

<?php
  // htmlspecialchars() returns the escaped string; it does not modify $variavel
  $escaped = htmlspecialchars($variavel);
?>
    
18.03.2014 / 13:44
0

I'm not a PHP enthusiast, but I'm pretty sure that when PHP reads it, it turns it into a string:

"<span style="display: none">&nbsp;</span>"

That's why style should be with its values in single quotation marks to be converted:

"<span style='display: none'>&nbsp;</span>"

As our dear friend @rafaelcpalmeida mentioned, you can use the htmlspecialchars function.

    
18.03.2014 / 14:47
0

Anyway, your second choice with single quotes is incorrect:

<span style='display: none"'>&nbsp;</span>

It has a stray " in there. The correct version would be:

<span style='display: none'>&nbsp;</span>

Perhaps the problem is when you save this data in the database. If it is and you use MySQL, use the mysql_real_escape_string($html_aqui) function.

I did a little test / example here, and everything worked correctly. I do not think the problem is just that.

  

Note that I used the POST method.

form.php

<!doctype html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>Form tag</title>
</head>
<body>

  <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { ?>
    <strong>$_POST:</strong>
    <pre><?php var_dump($_POST); // var_dump() prints directly and returns nothing ?></pre>
  <?php } ?>

  <form action="formtag.php" method='POST'>
    <input type="text" name='tag'>
    <button type="submit">Go!</button>
  </form>

</body>
</html>

response (html)

$_POST:
array(1) {
  ["tag"]=>
  string(41) ""
}

response (source)

array(1) {
  ["tag"]=>
  string(41) "<span style="display: none">&nbsp;</span>"
}

Could you post the complete code for your form?

    
18.03.2014 / 17:58
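
Added example, not part of the original thread or of any answer: because the field accepts HTML and the host's anti-spam rule was triggered by hidden markup, the application can parse submitted HTML itself and reject elements hidden with inline CSS. The function name is hypothetical, the sample strings are taken from the markup quoted above, and the idea that the rule reacts to `display: none` is an assumption drawn from the question.

```php
<?php
// Added example (not from the thread): flag elements hidden via inline CSS
// in HTML submitted through a field that accepts markup.
// Assumption: hidden markup such as display:none is what the host's
// anti-spam rule objects to.

/**
 * Return the tag names of elements whose inline style hides them.
 * findHiddenElements() is a hypothetical helper name.
 */
function findHiddenElements(string $html): array
{
    $doc = new DOMDocument();
    // User-supplied markup is rarely clean; collect libxml warnings silently.
    $prev = libxml_use_internal_errors(true);
    // The XML prolog makes libxml read the fragment as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $hidden = [];
    $xpath = new DOMXPath($doc);
    foreach ($xpath->query('//*[@style]') as $el) {
        // Normalise case and whitespace so "display: none" and
        // "DISPLAY:NONE" compare equal.
        $style = preg_replace('/\s+/', '', strtolower($el->getAttribute('style')));
        // Match a complete declaration only (terminated by ";" or end of value).
        if (preg_match('/(^|;)(display:none|visibility:hidden)(!important)?(;|$)/', $style)) {
            $hidden[] = $el->nodeName;
        }
    }
    return $hidden;
}

// Constructed sample inputs based on the snippets quoted in the thread.
$samples = [
    '<span style="display: none">&nbsp;</span>',   // double-quoted attribute
    "<span style='display: none'>&nbsp;</span>",   // single-quoted attribute
    '<span style="color: red">visible</span>',     // harmless inline style
];
foreach ($samples as $s) {
    $found = findHiddenElements($s);
    echo ($found ? 'REJECT ' : 'ACCEPT '), $s, PHP_EOL;
}
```

Because the check runs on the parsed attribute value, the quoting style used in the markup does not change the result: the first two samples are both rejected and the third is accepted.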