I made a website for snippets and I want to insert text codes like sql, or something like this in mysql, if i put in textarea SELECT or $_SESSION['id_user'];
I get error 403, for codes like CSS or JavaScript works. This is my code:
$mysqli->set_charset('utf8');
$code = $mysqli->escape_string($_POST['code']);
if(isset($_POST['newSnippet']) && $_POST['code'] != '') {
$sqlAddSnipp = "INSERT INTO something3 (...)"
. "VALUES ('$code')";
mysqli_query($mysqli, $sqlAddSnipp);
}
and here is my html
<form method="POST" action="" class="col">
<div class="col mb-4">
<h5>Add Snippet</h5>
<textarea name="code" rows="10" class="col"></textarea>
</div>
<div class="col-3 my-1">
<input type="submit" class="btn btn-lg btn-block btn-outline-info" name="newSnippet" value="Create new snippet" />
</div>
</form>
what am I doing wrong?
EDIT
examples
<textarea name="code" rows="10" class="col">SELECT</textarea>
<textarea name="code" rows="10" class="col">$_SESSION['id_user'];</textarea>
Comments
Post a Comment