I have a JavaScript function that sends data to a PHP file and gets the result from that file.
Here is my function:
    function sendForm(formData, url, callBack) {
        // formData is a CSS selector (id or class name) for the form element
        let form_data = new FormData(document.querySelector(formData));
        let r = new XMLHttpRequest();
        r.open("POST", url, true);
        r.send(form_data);
        r.onreadystatechange = function () {
            // ignore every state except a completed request with status 200
            if (r.readyState != 4 || r.status != 200) return;
            // the callback lets us use the result outside of this function's scope
            if (callBack) callBack(r.responseText);
        };
    }
This function takes the id or class name of a form, the URL of the page to post the data to, and a callback for further actions.
Now the problem is that if any of my form fields contains this string ("UNION SELECT"), nothing happens and I get an error (Failed to load resource: the server responded with a status of 403 ()) on the (r.send(form_data)) line.
Please help me. Thanks.
This has nothing to do with your client-side code.
The server is just recognising that string and rejecting it.
This is likely caused by a security feature on the server aggressively defending against SQL Injection attacks. Possibly even this rule.
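An added sketch, not part of the original question or answer, of the behaviour the answer describes: a simplified signature filter on the server rejects any field matching a UNION SELECT pattern with a 403, and a client callback that also receives the status reports the block instead of silently returning. The regular expression, filterRequest, sendFields and the sample fields are constructed for illustration and are not a real WAF rule.

```javascript
// Simplified stand-in for a signature-based request filter (assumption:
// constructed for this example, far cruder than a production rule set).
const SQLI_SIGNATURE = /\bunion\b\s+(?:all\s+)?\bselect\b/i;

// Simulated server side: inspect every POSTed field before the app sees it.
function filterRequest(fields) {
  for (const [name, value] of Object.entries(fields)) {
    if (SQLI_SIGNATURE.test(String(value))) {
      // Blocked at the edge: the PHP script never runs, the body is empty.
      return { status: 403, body: "", blockedField: name };
    }
  }
  return { status: 200, body: "saved" };
}

// Client side: like sendForm, but the callback gets (error, body) so a
// non-200 status is surfaced instead of being dropped by an early return.
// "transport" is a hypothetical stand-in for the XMLHttpRequest round trip.
function sendFields(fields, transport, callBack) {
  const response = transport(fields);
  if (response.status === 200) {
    callBack(null, response.body);
  } else {
    callBack(new Error("server responded with status " + response.status), null);
  }
}

// Constructed sample inputs: the filter matches on text alone, so a harmless
// question that mentions the keywords is rejected like a real injection.
function demo() {
  const results = [];
  const record = (err, body) => results.push(err ? err.message : body);
  sendFields({ comment: "plain text" }, filterRequest, record);
  sendFields({ comment: "How does UNION SELECT work?" }, filterRequest, record);
  sendFields({ comment: "The union will select a chair" }, filterRequest, record);
  return results;
}

console.log(demo());
```

Because the filter only pattern-matches text, it is a coarse extra layer; the server-side code still needs parameterized queries regardless of whether such a rule is enabled.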