Form 404s whenever someone types 'phpmyadmin' into it?!?!

HairyArse

Hi guys, got a really unusual problem.

I'm creating a message forum and so far everything is going ok.

I'm just working on the validation of some forms and got a really bizarre problem. If you enter the string 'phpmyadmin' into the main text area on one of the forms, when you click submit the page 404s and the data doesn't get uploaded.

The only process I'm applying is to to remove all tags apart from <br> and to add slashes.

So can anyone think why this happens?

suntra

No code, no help ! 😉

bradgrafelman

As suntra said, a snippet of the code involved would be helpful to diagnose the problem. Also, if you can provide it, an URL would be nice, too.

HairyArse

Good point!

Ok the field is POSTED as $reply_text and I do the following to it:

$reply_text = $_POST['frm_reply_text'];
$reply_text = addslashes($reply_text);
$reply_text=nl2br($reply_text);
$reply_text = wordwrap($reply_text, 150, "\n");

//strips all html tags from the string the user entered with <br/> and <br> as the only exception
$reply_text = strip_tags("$reply_text","<br><br/>");


//replace friendly html (i.e. with square brackets) with proper html
$reply_text = str_replace('[b]','<b>',"$reply_text");
$reply_text = str_replace('[B]','<b>',"$reply_text");
$reply_text = str_replace('[i]','<i>',"$reply_text");
$reply_text = str_replace('[I]','<i>',"$reply_text");
$reply_text = str_replace('[u]','<u>',"$reply_text");
$reply_text = str_replace('[U]','<u>',"$reply_text");
$reply_text = str_replace('[/b]','</b>',"$reply_text");
$reply_text = str_replace('[/i]','</i>',"$reply_text");
$reply_text = str_replace('[/u]','</u>',"$reply_text");
$reply_text = str_replace('[/B]','</b>',"$reply_text");
$reply_text = str_replace('[/I]','</i>',"$reply_text");
$reply_text = str_replace('[/U]','</u>',"$reply_text");
$reply_text = str_replace('[LINK]','<a class= "forumlink" href=" ',"$reply_text");
$reply_text = str_replace('[/LINK]','" target="_blank">Linky</a>',"$reply_text");
$reply_text = str_replace('[link]','<a class="forumlink" href=" ',"$reply_text");
$reply_text = str_replace('[/link]','" target="_blank">Linky</a>',"$reply_text");

HairyArse

The URL is:

http://www.allaboutthegames.net/forum/forum_thread.php?thread_id=3

But you would have to register to post - but you can log in using the test account.

Username GOD password godlike2k5

HairyArse

Just realised my code didn't paste in very well:

The str_replace lines are supposed to replace [ b ] with < b > etc...

Weedpacket

Try using [php]...[/code] tags to post PHP next time; you'll have better luck (incidentally, you do know that str_replace() can take arrays for arguments, right?).

...and then what do you do with $reply_text?

HairyArse

$reply_text is simply added to the database along with the other fields I've POSTED too - obviously I only pasted in the bits I thought you needed as the whole page is 303 lines of code.

MarkR

Your systems administrator has presumably installed some kind of request scanner on to the server which is run before PHP.

This could be something like mod_security

However, their rule set is configured poorly so that it generates false positives.

Contact your sysadmin to have a more reasonable rule set installed.

Mark

HairyArse

Mark - the PHP server is configured by my domain host. Is that still likely to be the root of the problem?

/can foresee phoning tech support and getting blank clueless replies