php bind_param Forbidden

Question

php bind_param Forbidden

Asked 5 years, 4 months ago

Viewed 24 times

0

I need to do the insert of the contents made in the editor summernote.

Only that the bind_param is blocking because the editor generates html content. Example:

<p style="text-align: center; "><b>Titulo</b></p>

Then when I do Submit, this message appears:

Error: Forbidden: You don’t have permission to access /file.php.

How to allow the bind_param allow insertion?

My code:

if ((isset($_POST["form"])) && ($_POST['form'] == "form1")) {
  $rs = $mysqli->prepare("INSERT INTO contratos (nomeContrato, texto, dataModificado) VALUES (?, ?, ?) ");

  $rs->bind_param('sss',
    $_POST['nomeContrato'],
    $_POST['texto'],
    $_POST['dataModificado']
    );

  $rs->execute();


  if ($rs->errno) {
    echo 'Erro: ', $rs->error;
  } else {
    echo "<script>window.location='sucesso.php'</script>";
  }
}

What makes you think it’s the bind_param that is blocking access to the file?

– Woss

2019/07/17 at 18:02
Because when I send text without any formatting insert works.

– Tiago

2019/07/17 at 18:26
You can see it in the log file or mysqli_error whether there has been any specific error?

– Woss

2019/07/17 at 18:32
I use ini_set('display_errors',1); ini_set('display_startup_erros',1); error_reporting(E_ALL); And nothing shows up.

– Tiago

2019/07/17 at 18:41
@Andersoncarloswoss if you do not miss the memory, there is a function that modifies tags so that they are sent to mysql, but I do not remember the name. If I remember correctly she puts a backslash \ to override the code.

– Tiago

2019/07/18 at 12:59
1

Tiago, the name of this function is htmlentities

– Woss

2019/07/18 at 19:04

Show 1 more comment

No answers

Browser other questions tagged php

You are not signed in. Login or sign up in order to post.