我已经看过这个问题,但似乎无法为我找到解决方案。
我有一个简单的数据库用于存储/查看联系人详细信息,我想为每个联系人存储大量的URL。
编辑:我现在修改了我的脚本,这里是我现在使用的代码: html表单:
<title>DDD Artist Entry</title>
<link href="/ddd/main.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div align="center"> <!-- main centre -->
<p></p>
<p>Add a new artists details here</p>
<p></p>
<table class="main_page extra_pad border" width="100%" border="0">
<tr>
<td valign="top">The Basics</td>
<td>
<form name="newent" id="newent" method="post" action="newent_handle.php">
<p>First Name: <input type="text" name="fname" required="required"></p>
<p>Last Name: <input type="text" name="lname" required="required"></p>
<p>Alias: <input type="text" name="alias"></p>
<p>E-mail: <input type="email" name="email" size="32" required="required"></p>
</td>
</tr>
<tr>
<td valign="top">Social Media</td>
<td>
<p>PayPal Email: <input type="email" name="ppemail" size="32"></p>
<p>Website: <input type="text" name="website" size="64"></p>
<p>F.B. Name: <input type="text" name="fbident" size="64"></p>
<p>F.B. Fan Page: <input type="text" name="fb_fanpage" size="64"></p>
<p>Twitter: <input type="text" name="twitter" size="64"></p>
<p>Soundcloud: <input type="text" name="soundcloud" size="64"></p>
<p>MySpace: <input type="text" name="myspace" size="64"></p>
<p>HearThis: <input type="text" name="hearthis" size="64"></p>
<p>YouTube: <input type="text" name="youtube" size="64"></p>
<p>BeatPort: <input type="text" name="beatport" size="64"></p>
<p>Instagram: <input type="text" name="instagram" size="64"></p>
<p>ReverbNation: <input type="text" name="reverbnation" size="64"></p>
<p>Tumblr: <input type="text" name="tumblr" size="64"></p>
<p>BandCamp: <input type="text" name="bandcamp" size="64"></p>
</td>
</tr>
<tr>
<td colspan="2">
<!-- <p>Comments: <input type="text" name="comments"></p> -->
<p align="center"><input name="enter" type="submit" value="Put them in!">
</form></p>
</td>
</tr>
</table>
<p> </p>
<p> </p>
</div><!-- main centre -->
</body>
</html>
现在这里是它传递给
的处理程序脚本<?PHP
// ------- DDD new artist entry HANDLER SCRIPT -------
$con = mysqli_connect("localhost", "user", "pw", "db") or die(mysqli_error());
// Let's get the text from the form, we escape string for anti-sql-injection. Nice.
$fname = mysqli_real_escape_string($con, $_POST['fname']);
$lname = mysqli_real_escape_string($con, $_POST['lname']);
$alias = mysqli_real_escape_string($con, $_POST['alias']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$ppemail = mysqli_real_escape_string($con, $_POST['ppemail']);
$website = mysqli_real_escape_string($con, $_POST['website']);
$fbident = mysqli_real_escape_string($con, $_POST['fbident']);
$fb_fanpage = mysqli_real_escape_string($con, $_POST['fb_fanpage']);
$twitter = mysqli_real_escape_string($con, $_POST['twitter']);
$soundcloud = mysqli_real_escape_string($con, $_POST['soundcloud']);
$myspace = mysqli_real_escape_string($con, $_POST['myspace']);
$youtube = mysqli_real_escape_string($con, $_POST['youtube']);
$hearthis = mysqli_real_escape_string($con, $_POST['hearthis']);
$beatport = mysqli_real_escape_string($con, $_POST['beatport']);
$instagram = mysqli_real_escape_string($con, $_POST['instagram']);
$reverbnation = mysqli_real_escape_string($con, $_POST['reverbnation']);
$tumblr = mysqli_real_escape_string($con, $_POST['tumblr']);
$bandcamp = mysqli_real_escape_string($con, $_POST['bandcamp']);
//$comments = mysqli_real_escape_string($con, $_POST['comments']);
// insert the appropriate records
$artist_insert = "INSERT INTO artists";
$artist_insert.= " (artist_fname,"; // 1
$artist_insert.= " artist_lname,"; // 2
$artist_insert.= " artist_alias,"; // 3
$artist_insert.= " artist_email,"; // 4
$artist_insert.= " artist_ppemail,"; // 5
$artist_insert.= " artist_website,"; // 6
$artist_insert.= " artist_fbident,"; // 7
$artist_insert.= " artist_fb_fanpage,"; // 8
$artist_insert.= " artist_twitter,"; // 9
$artist_insert.= " artist_soundcloud,"; // 10
$artist_insert.= " artist_myspace,"; // 11
$artist_insert.= " artist_youtube,"; // 12
$artist_insert.= " artist_hearthis,"; // 13
$artist_insert.= " artist_beatport,"; // 14
$artist_insert.= " artist_instagram,"; // 15
$artist_insert.= " artist_reverbnation,"; // 16
$artist_insert.= " artist_tumblr,"; // 17
$artist_insert.= " artist_bandcamp,"; // 18
$artist_insert.= " artist_date)"; // 19
$artist_insert.= " VALUES";
$artist_insert.= " ('$fname',"; // 1
$artist_insert.= " '$lname',"; // 2
$artist_insert.= " '$alias',"; // 3
$artist_insert.= " '$email',"; // 4
$artist_insert.= " '$ppemail',"; // 5
$artist_insert.= " '$website',"; // 6
$artist_insert.= " '$fbident',"; // 7
$artist_insert.= " '$fb_fanpage',"; // 8
$artist_insert.= " '$twitter',"; // 9
$artist_insert.= " '$soundcloud',"; // 10
$artist_insert.= " '$myspace',"; // 11
$artist_insert.= " '$youtube',"; // 12
$artist_insert.= " '$hearthis',"; // 13
$artist_insert.= " '$beatport',"; // 14
$artist_insert.= " '$instagram',"; // 15
$artist_insert.= " '$reverbnation',"; // 16
$artist_insert.= " '$tumblr',"; // 17
$artist_insert.= " '$bandcamp',"; // 18
$artist_insert.= " NOW())"; // 19
var_dump($artist_insert);
die();
?>
问题:
我可以用fname,lname,别名,电子邮件和ppemail填写表单,也可以在第一个网站上填写一个http网址&#39;框和我的var_dump给了我一个sql语句。但是,如果我填写上面的详细信息并在下一个框中放入一个sectond http地址,那么我会收到一条错误,内容如下:
禁止
您无权访问/ddd/newent_handle.php 服务器
此外,尝试时遇到403 Forbidden错误 使用ErrorDocument来处理请求。
我已经多次与我的服务器用户说过了,他们说我的所有权限都设置正常。我的服务器错误日志中也没有出现任何内容。
奇怪的是,我可以使用随机按键测试数据填写整个表单,它可以正常工作,但是当我尝试使用网址时,我一直收到此错误。 为了让事情变得更加疯狂,它将在“网站”中使用一个网址。字段或youtube字段,但不包括beatport字段或某些其他字段。
脚本看起来很简单,我即将饶恕。 谁能看到或暗示任何事情? 非常感谢。
答案 0 :(得分:0)
感谢您的回复和提供该信息。我有 继续前进并复制了你得到的错误。看起来像 这是由于ModSecurity。我会把这张票升级到我们的 二线技术人员,看看是否可以做出例外。
让我烦恼的是我应该做一个例外,但如果它有用的话,嘿。
编辑:它最终得到修复,以供参考:
我已经添加了mod-security规则。规则是340163和340163.你 可以了解更多有关这些规则的信息。
https://wiki.atomicorp.com/wiki/index.php/WAF_340162
这些规则中的大多数都运行良好但偶尔会有一些页面被绊倒 不正确所以我们添加了一个例外。