I have two files for submitting (also updating) to a MySQL database. The first one contains the forms for the add/edit and delete actions. I determine which action is to be done with a $_GET variable. After the form is submitted, I have a second file which contains the query. Let's say I want to edit a category. I get the category's Id and the action which I want (in this case "edit") and pass them to action.php (by URL). Then action.php does its job and passes all the needed information to commit.php (the second file).
On test server everything works. That's how I know the code works.
BUT on the client's server something goes wrong:
I have 10 categories inserted in the database (from the development period of the website). The client wants to edit these categories. In 8 out of 10 cases he has no problem editing. ONLY with two categories is a 403 error displayed.
I made some tests to see what is so different about these categories. First I changed the Id of one of them - didn't help. Then I tried to see if there would be problems on our server - no problems at all, everything works. Then I tried to add a new category to see if the code works - I managed to add, edit and delete a new category.
After that I tried with different names of the two categories and that's where everything is weird.
For example - the first category is called "Something, something and something equipment" (the category name is in Bulgarian, English and Russian). When I type "Something, something and something" it is submitted, when I type "Something equipment" - submitted, "Something, something and something" - also submitted. The whole phrase gives me 403 - Forbidden access to commit.php.
The second category also has the word equipment in its name.
I'm kind of new to MySQL/PHP and I don't have an idea what the problem is.
Is it an .htaccess file (I checked - there is no .htaccess file at the moment), is it my code (tested on our server/host - works), is it some reserved word in MySQL (the problem occurs in the Bulgarian translation) or is it somewhere else entirely? And why would I get a 403 error instead of a PHP error (assuming the problem is in the code)?
I'm posting code from action.php and commit.php.
action.php
    <?php
    // Excerpt: $_configArr, $action and the $cat*/$desc* values are set elsewhere in action.php.
    if ($_GET['action'] == 'edit') {
    ?>
    <!-- The query-string values are encoded before being echoed into the form's action URL. -->
    <form action="commit.php?action=<?php echo urlencode($_GET['action']); ?>&amp;id=<?php echo (int) $_GET['id']; ?>" method="post">
    <?php
        // One block of name/description inputs per configured language.
        foreach ($_configArr["langOption"] as $lang) {
            if ($lang == "BG") {
    ?>
        <div class="language"><?=$lang?></div>
        <div class="itemTitle">Име на категорията</div>
        <input type="text" name="name<?=$lang?>" value="<?=$catBG?>">
        <div class="itemTitle">Описание на категорията</div>
        <textarea name="desc<?=$lang?>"><?=$descBG?></textarea>
    <?php
            } elseif ($lang == "EN") {
    ?>
        <div class="language"><?=$lang?></div>
        <div class="itemTitle">Име на категорията</div>
        <input type="text" name="name<?=$lang?>" value="<?=$catEN?>">
        <div class="itemTitle">Описание на категорията</div>
        <textarea name="desc<?=$lang?>"><?=$descEN?></textarea>
    <?php
            } elseif ($lang == "RU") {
    ?>
        <div class="language"><?=$lang?></div>
        <div class="itemTitle">Име на категорията</div>
        <input type="text" name="name<?=$lang?>" value="<?=$catRU?>">
        <div class="itemTitle">Описание на категорията</div>
        <textarea name="desc<?=$lang?>"><?=$descRU?></textarea>
    <?php
            }
        }
    ?>
        <input type="submit" class="submit" name="submit" value="<?php echo $action ?>">
    </form>
    <?php
    }
    ?>
commit.php
    <?php
    // Excerpt: $db is the mysqli connection opened elsewhere in commit.php.
    $id = (int) $_GET['id']; // bound as an integer parameter below

    // Trims the value, strips backslashes and HTML-encodes it before it is stored.
    function test_data($data) {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        return $data;
    }

    switch ($_GET['action']) {
        case 'add':
        case 'edit':
            $nameBG = test_data($_POST['nameBG']);
            $nameEN = test_data($_POST['nameEN']);
            $nameRU = test_data($_POST['nameRU']);
            $descBG = test_data($_POST['descBG']);
            $descEN = test_data($_POST['descEN']);
            $descRU = test_data($_POST['descRU']);
            $sqlCommit = "UPDATE Categories
                SET
                    CatNameBG = ?,
                    CatNameEN = ?,
                    CatNameRU = ?,
                    CatDescriptionBG = ?,
                    CatDescriptionEN = ?,
                    CatDescriptionRU = ?
                WHERE
                    CatId = ?";
            if ($stmtCommit = $db->prepare($sqlCommit)) {
                // All user-supplied values go in as bound parameters.
                $stmtCommit->bind_param('ssssssi',
                    $nameBG, $nameEN, $nameRU, $descBG, $descEN, $descRU, $id);
                $stmtCommit->execute(); // run the update
            } else {
                echo "Error: " . $db->error;
            }
            break;
    }
Please keep in mind that these are excerpts and I'm new to this material. Some help in understanding the problem will be very appreciated.