Suneel Jituri Posted February 6, 2016

Hi all,

I am using the htmlspecialchars() function for form submitting. But when I press the submit button after filling in the form, I encountered an error:

Forbidden
You don't have permission to access /Proj_1/< on this server.

But when I remove the above htmlspecialchars() function then all goes smoothly. Please tell me how to solve this problem.

My code:

    <!DOCTYPE html>
    <html>
    <head>
      <title>Signup form</title>
      <style>
        body {background-color:lightblue}
        h2 {color:blue}
        p {color:green}
        th, td { padding : 25px; }
        div#page {
          width: 500px;
          float: left;
          margin-left: 500px;
          margin-top: 40px;
          padding-top: 10px;
          padding-bottom: 20px;
          box-shadow: 10px 10px 20px 3px #d4d4d4;
          border-radius: 10px;
          background-color: #ffffff;
        }
      </style>
    </head>
    <body>
      <h2 style="text-align:center">Please fill up the signup form, all fields are mandatory.</h2>
      <div> </div>
      <div id="page">
        <table>
          <form method = "post" action="<?php echo htmlspecialchars($_SERVER['signup.php']);?>"> // this piece of code has problem
            <tr>
              <td>Select title:</td>
              <td><select name ="htitle">
                <option value = "mr." selected> Mr.</option>
                <option value = "miss" > Miss</option>
                <option value = "ms." > Ms.</option>
                <option value = "dr." > Dr.</option>
              </select></td>
            <tr>
              <td>First Name:</td>
              <td><input type="text" name= "hfname" autofocus></td>
            </tr>
            <tr>
              <td>Last Name:</td>
              <td><input type="text" name= "hlname"></td>
            </tr>
            <tr>
              <td>E-mail address <strong>(This will be your login id)</strong>:</td>
              <td><input type="text" name= "hcuemail"></td>
            </tr>
            <tr>
              <td>Password <strong>(This will be your login password)</strong>:</td>
              <td><input type="Password" name= "hpsswd"></td>
            </tr>
            <tr>
              <td>Re-type password:</td>
              <td><input type="Password" name= "hrepsswd"></td>
            </tr>
            <tr>
              <td></td>
              <td><input type = "submit" value = "Submit" name = "hsubmit" ></td>
              <td><input type="reset" value="Reset"></td>
            <tr>
          </form>
        </table>
      </div>
    </body>
    </html>

dsonesuk Posted February 6, 2016

That is an invalid use of $_SERVER[]; the options are described here: http://www.w3schools.com/php/php_superglobals.asp. Also, the form element should be placed outside of the table, and you have missing or misplaced tr, td elements.

Suneel Jituri Posted February 6, 2016 (Author)

Hi dsonesuk, thanks for your reply. As per your reply I have removed the $_SERVER[] superglobal variable. I have also corrected the <tr> element and did not find any missing or misplaced <td> element. I used only:

    <form method = "post" action="<?php echo htmlspecialchars('signup.php');?>">

But it's still giving the same error. And how can I take out the form elements from the table? Please show how to do it. The table is used to align the textboxes, buttons etc. in an organized manner.

dsonesuk Posted February 6, 2016 (edited)

You only use htmlspecialchars() if you are using $_SERVER['PHP_SELF'], because it can be exploited to add JavaScript code by creating your own url to fictitious php files, or files on your server for hacking purposes. Using 'signup.php' on its own means it will just go to that file when the form is submitted. This is explained in the link, further down the page.

Tables: Any html content can ONLY be inserted into td cells. The elements that have opening <div>.... closing </div> CANNOT be separated and placed in individual td cells; because of this the only option for the form element opening/closing tags is to place them OUTSIDE the table:

    <form>
      <table>
        table header, tr, td with html
      </table>
    </form>

Edited February 6, 2016 by dsonesuk
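
The $_SERVER['PHP_SELF'] point in the reply above, as an added example that is not part of the original thread: it compares the form tag produced with and without htmlspecialchars() when the request path carries extra markup. The helper name form_open_tag and the sample request values are constructed for illustration.

```php
<?php
// Added example (not from the thread). All request values below are constructed.

// Build the opening <form> tag for a page that posts back to itself.
function form_open_tag(string $action, bool $escape): string
{
    if ($escape) {
        // Encode <, >, & and both quote styles so the value stays inside action="".
        $action = htmlspecialchars($action, ENT_QUOTES, 'UTF-8');
    }
    return '<form method="post" action="' . $action . '">';
}

// PHP_SELF is the script name plus any extra path appended to the URL,
// so part of it is chosen by whoever builds the link. SCRIPT_NAME carries
// only the script path. Constructed request with harmless markup appended:
$server = [
    'PHP_SELF'    => '/Proj_1/signup.php/"><b>injected</b>',
    'SCRIPT_NAME' => '/Proj_1/signup.php',
];

// Unescaped: the quote ends the attribute early and <b> becomes page markup.
echo form_open_tag($server['PHP_SELF'], false), "\n";

// Escaped: the same input is emitted as inert text inside the attribute.
echo form_open_tag($server['PHP_SELF'], true), "\n";

// A fixed literal or SCRIPT_NAME contains no appended path; escaping on
// output is still applied so every attribute value is handled the same way.
echo form_open_tag('signup.php', true), "\n";
echo form_open_tag($server['SCRIPT_NAME'], true), "\n";
```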