

403: Access Forbidden Attempted SQL injection in POST

tshirley 04 May, 2014
Hi,

I developed a User Registration form but I wanted to check that the username and email address already existed in a table. That is, I only want members of my organisation to be able to register.

So I placed a Custom Server side validation in the Submit Action and added the following:

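<?php
// Custom server-side validation: registration is allowed only when the submitted
// member number and email address match an existing row in the member profile table.
$db = JFactory::getDBO();

// The form fields are untrusted input. Missing fields fall back to an empty string,
// which matches no member and therefore fails validation.
$memberNbr = isset($form->data['input_username']) ? (string) $form->data['input_username'] : '';
$email     = isset($form->data['input_email']) ? (string) $form->data['input_email'] : '';

// $db->quote() escapes each value and wraps it in quotes, so the submitted text is
// always treated as data and can never change the structure of the statement.
// Column names use backticks; a single-quoted 'Email' would be a string literal,
// not a column reference.
// NOTE(review): '#__' is replaced by the site's table prefix at run time - confirm
// that 'glid_' really belongs to the table name and is not the prefix repeated.
$query = "
  SELECT COUNT(*)
    FROM `#__glid_chronoforms_data_Member_Profile`
    WHERE `Member_Nbr` = " . $db->quote($memberNbr) . " AND
          `Email` = " . $db->quote($email) . "
";
$db->setQuery($query);

// loadResult() yields the count as a string, or null when the query fails; the cast
// makes a failed query count as "no match", so validation fails closed.
$count = (int) $db->loadResult();

// Strict comparison: a single '=' here would assign 0 and the branch would never run.
if ( $count === 0 ) {
  $form->validation_errors['client_id'] = "Member Nbr or Email does not exist, or do not match.";
  return false;
}
?>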


As soon as I save the form I get the error message : 403: Access Forbidden Attempted SQL injection in POST

What could cause this and is there a way to avoid it?

Cheers

Tim
tshirley 04 May, 2014
Answer
Apologies - this was an RS Firewall issue. Its SQL injection scan was not set to skip Chronoforms, so saving a form whose code contains SQL was blocked.

No need for reply.