Hi there, I have a form that sends my data from the admin panel. It has one input that represents the title of my site:

<form class="form-horizontal form-bordered" enctype="multipart/form-data" method="POST">
        <input type="hidden" id="do" name="do" value="save">
        <input value="site title" type="text" class="form-control" id="sitename" name="sitename" placeholder="">
        <button type="submit" class="btn btn-success">save</button>
</form>

And I use this to submit the form to my database:

switch($_GET['do'])
{
    default:
        $this->updateSettings( array(
            'sitename' => $this->secureInput($_POST['sitename'])
        ) );
    break;
}

public function updateSettings($settingsArr)
{
    foreach($settingsArr as $varname => $value)
        $this->query("UPDATE ".TP."settings SET value = '$value' WHERE varname = '$varname'");
}

This form works fine if I enter an English title in the input, but if I enter an Arabic title in it, it gives me a page:

Forbidden You don't have permission to access /adminpanel on server

How to solve this problem?

7AMOOOD
  • Try with: `$this->query("UPDATE ".TP."settings SET value = ' ".$value." ' WHERE varname = ' ".$varname." ' ");` – Sachin Aug 21 '19 at 13:54
  • What does `secureInput()` do? – empiric Aug 21 '19 at 13:55
  • If anything went fatally wrong in your code, then you should probably rather get a 500 Internal Server Error. So this might(!) be something else interfering, before it even comes to execution of your own script. Check with your server admin / hoster, if anything filtering for “bad” input might happen on that level maybe. – misorude Aug 21 '19 at 13:56
  • What's up with the `switch()`? It seems a bit redundant. – M. Eriksson Aug 21 '19 at 14:14
  • @Sachin I think it does not require this; it works well for English – 7AMOOOD Aug 21 '19 at 14:43
  • @empiric `public function secureInput($input, $html = true) { return $this->db()->escape_string( !$html ? $input : strip_tags($input) ); }` – 7AMOOOD Aug 21 '19 at 14:43
  • @misorude I am using this function to input parameters to the database... `public function secureInput($input, $html = true) { return $this->db()->escape_string( !$html ? $input : strip_tags($input) ); }` – 7AMOOOD Aug 21 '19 at 14:46
  • @MagnusEriksson I am using more than one page for the settings page. There are more cases, but I removed them because they do not matter for my problem – 7AMOOOD Aug 21 '19 at 14:48
  • Can you echo this value UPDATE ".TP."settings SET value = '$value' WHERE varname = '$varname' and then run it in your phpMyAdmin? Let's see if it updates directly from phpMyAdmin or not. – Sachin Aug 22 '19 at 10:00
  • @Sachin I used this in phpMyAdmin: UPDATE `c4p_settings` SET `value` = 'دورات تدريبية' WHERE `varname` = 'sitename' and it works fine – 7AMOOOD Aug 22 '19 at 11:41

1 Answer

It works fine when I updated the charset of column 'value' in the 'c4p_settings' table to utf8_general_ci and used the following formula

$this->query("UPDATE ".TP."settings SET value = ' ".$value." ' WHERE varname = ' ".$varname." ' ");

instead of this formula

$this->query("UPDATE ".TP."settings SET value = '$value' WHERE varname = '$varname'");

Thanks to @Sachin

7AMOOOD
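
An added example, not code from the question or the answer: `updateSettings()` rewritten with bound parameters, so that an Arabic title or a title containing quotes is sent as data and never spliced into the SQL string. It assumes PDO with the `mbstring` extension, uses in-memory SQLite so it runs offline, and the `ALLOWED_SETTINGS` allow-list and the MySQL DSN values in the comment are hypothetical.

```php
<?php
// Added example (not the poster's code): updateSettings() with bound parameters.
// The "c4p_" prefix comes from the page; ALLOWED_SETTINGS is an assumed allow-list.
const TP = 'c4p_';
const ALLOWED_SETTINGS = ['sitename'];

function updateSettings(PDO $db, array $settings): int
{
    $stmt = $db->prepare('UPDATE ' . TP . 'settings SET value = :value WHERE varname = :varname');
    $changed = 0;
    $db->beginTransaction();
    try {
        foreach ($settings as $varname => $value) {
            // Setting names come from code, never from the request.
            if (!in_array($varname, ALLOWED_SETTINGS, true)) {
                throw new InvalidArgumentException("unknown setting: $varname");
            }
            // Reject byte sequences that are not well-formed UTF-8 before storing them.
            if (!is_string($value) || !mb_check_encoding($value, 'UTF-8')) {
                throw new InvalidArgumentException("value for $varname is not valid UTF-8");
            }
            $stmt->execute([':value' => $value, ':varname' => $varname]);
            $changed += $stmt->rowCount();
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();   // all settings are saved, or none
        throw $e;
    }
    return $changed;
}

// Demo on in-memory SQLite. For MySQL, set the connection charset in the DSN, e.g.
// 'mysql:host=localhost;dbname=app;charset=utf8mb4' (host and dbname are placeholders).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ' . TP . 'settings (varname TEXT PRIMARY KEY, value TEXT)');
$db->exec("INSERT INTO " . TP . "settings VALUES ('sitename', 'site title')");

// Constructed inputs: the Arabic title from the page, then a title with quotes and markup.
updateSettings($db, ['sitename' => 'دورات تدريبية']);
updateSettings($db, ['sitename' => "O'Reilly's <b>courses</b>"]);

$stored = $db->query("SELECT value FROM " . TP . "settings WHERE varname = 'sitename'")->fetchColumn();
// The value is stored verbatim; encode it when rendering instead of strip_tags() on input.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```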