I've done it before... on a different site.
Set up all the test enviorns I could... no change, no clue.
No .htaccess to block any transactions.. at least what I could see up to the root level.
Get the following in the url, before even getting to the update /insert coding I'm wanting to do.
(end of coding line.
admin/%3C?BS();?%3E
Calling code that *seems* to be calling it:
[code=php]
echo "<td>";
echo "<a href='Invoice.p hp?id=$id'>View Invoic e</a><br/><br/>\n";
echo "<a href='Packing.p hp?id=$id'>Pack ing Slip</a><br/><br/>\n";
echo "<input name='sub17' type='submit' value='Update Data'></form>";
echo "</td>";
echo "</tr>\n";
[/code]
Have something similar in three othere files, but on a different host.
Simplistic update statement in the "BS" function:
[code=php] $upShi="UPDATE ActualShipping SET OrderID=$id,act ualShipCost=$AS C,trackingNbr=' $trNum'";[/code]
Just to give INSERT its due, I tried it and got the same exact error with the same exact gobbly gook
[code=php] $Ishi="INSERT INTO ActualShipping (OrderID,actual ShipCost,tracki ngNbr)
VALUES=($id,$AS C,'$trNum')";[/code]
[Please use CODE tags when posting source code. Thanks! --pbmods]
Get the ugly FORBIDDEN error.
Any ideas?? Wheels are spinning, not going anywhere, about ready to fall off.
thanks heaps (hopefully)
Set up all the test enviorns I could... no change, no clue.
No .htaccess to block any transactions.. at least what I could see up to the root level.
Get the following in the url, before even getting to the update /insert coding I'm wanting to do.
(end of coding line.
admin/%3C?BS();?%3E
Calling code that *seems* to be calling it:
[code=php]
echo "<td>";
echo "<a href='Invoice.p hp?id=$id'>View Invoic e</a><br/><br/>\n";
echo "<a href='Packing.p hp?id=$id'>Pack ing Slip</a><br/><br/>\n";
echo "<input name='sub17' type='submit' value='Update Data'></form>";
echo "</td>";
echo "</tr>\n";
[/code]
Have something similar in three othere files, but on a different host.
Simplistic update statement in the "BS" function:
[code=php] $upShi="UPDATE ActualShipping SET OrderID=$id,act ualShipCost=$AS C,trackingNbr=' $trNum'";[/code]
Just to give INSERT its due, I tried it and got the same exact error with the same exact gobbly gook
[code=php] $Ishi="INSERT INTO ActualShipping (OrderID,actual ShipCost,tracki ngNbr)
VALUES=($id,$AS C,'$trNum')";[/code]
[Please use CODE tags when posting source code. Thanks! --pbmods]
Get the ugly FORBIDDEN error.
Any ideas?? Wheels are spinning, not going anywhere, about ready to fall off.
thanks heaps (hopefully)
Comment