Hi, I've got this problem with a form. It's a pretty simple form with two fields - one text, one textarea but if the textarea contains the word 'set' within any of the text it gives a 403 forbidden error page. If the word set is in the textarea it doesn't cause the same error.
I'm guessing this is down to the server thinking it's attempting SQL injection but I can't find any way to get around it, it's probably something very simple to get around it but I could use the help of a wiser head in spoon feeding me what it is haha.
The form code is
<form action="savepost.php" method="post">
<strong>Post Title:</strong><br /><input type="text" name="sb_posttitle" maxlength="55" tabindex="1" class="txt"><br /><br />
<textarea name="sb_posttext" id="sb_posttext" rows="20" tabindex="2"></textarea><br />
<input type="submit" name="submit" value="Save New Blog Post" tabindex="3">
</form>
And the php code for saving to the database is...
$host="localhost";
$db="dbname";
$user="username";
$pwd="password";
// db, user and pass obviously changed for here
$timestamp = time();
$dbC = mysql_connect($host,$user,$pwd);$sql = "INSERT INTO articles (id,blogger_id,submitted,title,article,viewed) VALUES ('','{$_SESSION[blogger_id]}','{$timestamp}','{$_POST[sb_posttitle]}','{$_POST[sb_posttext]}','');";
mysql_select_db($db, $dbC);
$result = mysql_query($sql, $dbC) or die(mysql_error());
if ($result) {
// success
} else {
// failure
}
mysql_close($dbC) or die("Error: ".mysql_error());
