semicolon, CRUD sql keyword gives 403 error for POST jQuery

Question

function saveText(str) {
 $.post('test1ajax.php', {test1: str},
  function(data) {
   console.log('result: '+data);
  }
 ); 
}

The following inputs to saveText() (which sends the text using POST) give a 403 (Forbidden) result:

"test;INSERT xx" ";updateXx" "; delete12" 'TEST; select12'

So basically it contains a semicolon then a CRUD SQL keyword then at least 2 more characters.

My problem is similar to: AJAX post returns 403 (sometimes)

It seems to be a problem to do with my web host's configuration since it doesn't happen for many other people.

The PHP I'm calling is: var_dump($_POST);

score 0 · Answer 1 · answered Jul 17 '18 at 05:34

0

could you post more of your code please, if I try it like this I have no problem and get status 200:

str = ";inserted";
saveText(str);
function saveText(str) {
    $.post('test.php', {test1: str},
          function(data) {
            console.log(data);
            }
    );
}

From where do you get your str?

answered Jul 17 '18 at 05:34

Christopher Supertramp

263
1
7

I just type saveText("example; INSERTED") in the console. I'm sure it has something to do the host's configuration. My problem seems similar to https://stackoverflow.com/questions/47025132/ajax-post-returns-403-sometimes but I'm not at work now and can't test. BTW the php I'm calling just contains – Luke Wenke Jul 17 '18 at 08:44
I'll post screenshots like yours tomorrow when I can. BTW when it doesn't return 403 it returns 200 with the expected result from var_dump($_POST) – Luke Wenke Jul 17 '18 at 08:57

semicolon, CRUD sql keyword gives 403 error for POST jQuery

1 Answers1