Hi,
I developed a User Registration form but I wanted to check that the username and email address already existed in a table. That is, I only want members of my organisation to be able to register.
So I placed a Custom Server side validation in the Submit Action and added the following:
As soon as I save the form I get the error message : 403: Access Forbidden Attempted SQL injection in POST
What could cause this and is there a way to avoid it?
Cheers
Tim
I developed a User Registration form but I wanted to check that the username and email address already existed in a table. That is, I only want members of my organisation to be able to register.
So I placed a Custom Server side validation in the Submit Action and added the following:
<?php
$db =& JFactory::getDBO();
$query = "
SELECT COUNT *
FROM `#__glid_chronoforms_data_Member_Profile`
WHERE `Member_Nbr` = '{$form->data['input_username]}' AND
'Email' = '{$form->data['input_email']} ;
";
$db->setQuery($query);
$count = $db->loadResult();
if ( $count = 0 ) {
$form->validation_errors['client_id'] = "Member Nbr or Email does not exist, or do not match.";
return false;
}
?>
As soon as I save the form I get the error message : 403: Access Forbidden Attempted SQL injection in POST
What could cause this and is there a way to avoid it?
Cheers
Tim