
New Xampp Security Concept

Posted: 19. September 2009 01:16
by broadlighter
I am working on a pet project using PHP and MySQL (see my signature below for versions.)

I am creating a form with text fields. I want to take the text strings in the form fields and post them to a MySQL database. I've tested the insert query using just the strings and LAST_INSERT_ID() to enter the ID field and that is working fine.

My problem comes with using the $_POST[] global variable. I keep getting errors with it, so I just tried to use a simple echo command. Here is the code I'm using:

This is the form part of the HTML file where I create a text box, named "From." Below it is a submit button.
-----------------------------------------------
<form method="post" action="<?php echo $_Server['PHP_SELF'] ?>">

<label>From:&nbsp;&nbsp;</label>
<input type="text" name="From" size="30" /><br />

<p id="button"><input type="submit" value="Submit" /></p></form>

--------------------------------------------------

The next part is the PHP code that calls the text captured in the text box and simply prints it to the page:
--------------------------------------------------------
<?php

$from = $_POST['From']
echo $from

?>
---------------------------------------------------------

What I get on the resulting webpage is this:
---------------------------------------------------
Access forbidden!

New XAMPP security concept:

Access to the requested object is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".

If you think this is a server error, please contact the webmaster.
Error 403
localhost
9/18/2009 3:11:36 PM
Apache/2.2.12 (Win32) DAV/2 mod_ssl/2.2.12 OpenSSL/0.9.8k mod_autoindex_color PHP/5.3.0 mod_perl/2.0.4 Perl/v5.10.0
-------------------------------------------------------------

I looked at the httpd-xampp.conf file and the only section that indicates where this error is coming from is this:
-------------------------------------------------------------
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16

ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

------------------------------------------------------------------

I'm not sure what this means, but if there is something I can change here, please let me know.

Thanks,

Bliter
__________________


Apache 2.2.12
PHP 5.3.0
MySQL 5.1.37
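
What the quoted httpd-xampp.conf block decides for a given request, as an added Python example that is not part of the original thread or of XAMPP. It models only that `<LocationMatch>` block in isolation; the `decide` helper and the sample requests are constructed for illustration.

```python
import ipaddress
import re

# Path pattern and address ranges from the httpd-xampp.conf block quoted above.
PROTECTED = re.compile(
    r"^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))"
)
ALLOW_FROM = [ipaddress.ip_network(n) for n in (
    "::1", "127.0.0.0/8", "fc00::/7", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "fe80::/10", "169.254.0.0/16",
)]


def decide(path, client_ip):
    """Return 'not-protected', 'allow' or 'deny' for one request (hypothetical helper).

    Order deny,allow: Deny directives are evaluated first, then Allow.
    "Deny from all" matches every client, so only clients that also match
    an "Allow from" range get through.
    """
    if not PROTECTED.match(path):
        return "not-protected"      # the block does not apply to this URL path
    ip = ipaddress.ip_address(client_ip)
    if any(ip.version == net.version and ip in net for net in ALLOW_FROM):
        return "allow"
    return "deny"                   # Apache answers 403 with the XAMPP error page


# Constructed sample requests (URL path, client address).
SAMPLES = [
    ("/xampp/index.php", "127.0.0.1"),     # loopback
    ("/phpMyAdmin/", "192.168.1.20"),      # (?i:...) makes the match case-insensitive
    ("/phpmyadmin/", "203.0.113.7"),       # public address
    ("/security/", "2001:db8::1"),         # IPv6 outside fc00::/7 and fe80::/10
    ("/xampp/", "172.32.0.1"),             # just outside 172.16.0.0/12
    ("/myform.php", "203.0.113.7"),        # path not covered by the pattern
]

if __name__ == "__main__":
    for path, ip in SAMPLES:
        print(f"{ip:>15}  {path:<20} {decide(path, ip)}")
```

Because the pattern is anchored only at the start of the path, it is a prefix match: any URL path beginning with one of the listed names is covered, and everything else falls outside this block.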

Re: New Xampp Security Concept

Posted: 19. September 2009 01:25
by Wiedmann
Code:
<form method="post" action="<?php echo $_Server['PHP_SELF'] ?>">

There is no array "$_Server" with the key "PHP_SELF" in PHP.

The next part is the PHP code that calls the text captured in the text box and simply prints it to the page:

There are some semicolons missing in this code part.

Re: New Xampp Security Concept

Posted: 19. September 2009 07:21
by broadlighter
I found that PHP_SELF item in a book and when I used it, my inserts started working with the PHP code in the original HTML file with the form tags in it. If that was some fluke, okay. I'm new to PHP so I am looking for some answers.

I noticed the missing semicolons and put them in. Ran the script again and got the same error message.

Re: New Xampp Security Concept

Posted: 19. September 2009 12:52
by Wiedmann
found that PHP_SELF item in a book

I don't think it's "$_Server['PHP_SELF']" in this book. It must be "$_SERVER['PHP_SELF']".