Set up all the test enviorns I could... no change, no clue.
No .htaccess to block any transactions.. at least what I could see up to the root level.
Get the following in the url, before even getting to the update /insert coding I'm wanting to do.
(end of coding line.
admin/%3C?BS();?%3E
Calling code that *seems* to be calling it:
Expand|Select|Wrap|Line Numbers
- echo "<td>";
- echo "<a href='Invoice.php?id=$id'>View Invoice</a><br/><br/>\n";
- echo "<a href='Packing.php?id=$id'>Packing Slip</a><br/><br/>\n";
- echo "<input name='sub17' type='submit' value='Update Data'></form>";
- echo "</td>";
- echo "</tr>\n";
Simplistic update statement in the "BS" function:
Expand|Select|Wrap|Line Numbers
- $upShi="UPDATE ActualShipping SET OrderID=$id,actualShipCost=$ASC,trackingNbr='$trNum'";
Expand|Select|Wrap|Line Numbers
- $Ishi="INSERT INTO ActualShipping (OrderID,actualShipCost,trackingNbr)
- VALUES=($id,$ASC,'$trNum')";
Get the ugly FORBIDDEN error.
Any ideas?? Wheels are spinning, not going anywhere, about ready to fall off.
thanks heaps (hopefully)