PHP error on localhost: Access forbidden! Error 403

I am following this PHP tutorial on Windows 7 using XAMPP.
It's a guest book tutorial that saves user entries into MySQL and displays entries from the DB. When I enter data into the form and submit it, the browser shows this error message:

Access forbidden! You don't have permission to access the requested object. It is either read-protected or not readable by the server. If you think this is a server error, please contact the webmaster. Error 403 localhost Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7



Connect to DB Code

$dbHost = "localhost";
$dbUser = "root";
$dbPass = "";
$dbDatabase = "myDB";

// Connect to DB

$li = new mysqli('localhost', 'root', '', 'myDB') or 
      die("Could not connect". mysqli_connect_error());
//mysql_select_db($dbDatabase, $li) or 
//      die ("could not select DB". mysql_error());

Variables initialisation

// initiate some vars

$gb_str = "";   
// $gb_str is the string we'll append entries to
$pgeTitle = "View and Sign Guestbook";

Post request handling

// If form is submitted, then insert into DB
if (!empty($_POST["submit"])) {
    $name = $_POST["frmName"];
    $email = $_POST["frmEmail"];
    $comment = $_POST["frmComment"];
    $date = Date("Y-m-d h:i:s");

    $gb_query =     "insert into guestbook
            values(0, '$name', '$email', '$comment', '$date')";
    // Performs the $sql query on the server to insert the values
    if ($li->query($gb_query) === TRUE) {
        echo 'users entry saved successfully';
    } else {
        echo 'Error: '. $li->error;
    }
    $sql = mysql_query($gb_query);
    $res = mysql_affected_rows($sql);

    // See if insert was successful or not
    if($res > 0) {
        $ret_str="Your guestbook entry was successfully added.";
    } else {
        $ret_str = "Your guestbook entry was NOT successfully added.";
    }

    // Append success/failure message
    $gb_str .= "<span class=\"ret\">$ret_str</span><BR>";
}

GuestBook list


$get_query = "select gbName, gbEmail, gbComment, 
              DATE_FORMAT(gbDateAdded, '%m-%d-%y %H:%i') gbDateAdded
              from guestbook";

$result = $li->query($get_query);
$gb_str .= "<hr size=\"1\">";

if ($result->num_rows > 0) {
    // output data of each row from $result
    while($row = $result->fetch_assoc()) {
        $name = $row["gbName"];
        $email = $row["gbEmail"];
        $comment = $row["gbComment"];
        $date = $row["gbDateAdded"];

        if(!empty($name)) {
            // If name exists and email exists, link name to email
            if(!empty($email)) {
                $name="by <a href=\"mailto:$email\">$name</a>";
            }
        // If name does not exist and email exists, link email to email
        } else if (!empty($email)) {
            $name = "by <a href=\"mailto:$email\">$email</a>";
        } else {
            $name = "";
        }

        // Append to string we'll print later on
        $gb_str .= "<br>$comment<p class=\"small\">
                    posted on $date $name<hr size=\"1\">";
    }
}


The HTML Page

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> 
<SCRIPT language="javascript">

/* This function is pulled from a generic validation file from
some other site (probably developer.netscape.com) and strips out
characters you don't want */

function stripCharsInBag (s, bag) {
    var i;
    var returnString = "";

    // Search through string's characters one by one.
    // If character is not in bag, append to returnString.

    for (i = 0; i < s.length; i++) {
        // Check that current character isn't in the bag.
        var c = s.charAt(i);
        if (bag.indexOf(c) == -1) returnString += c;
    }
    return returnString;
}

// This function just makes sure the comment field is not empty

function valForm(frm) {
    var badChars = "<[]>{}";
    if(frm.frmComment.value == "") {
        alert("Please fill in your comments for the guestbook.");
        return false;
    } else {
        frm.frmComment.value = stripCharsInBag(frm.frmComment.value, badChars);
        // These values may be empty, but strip chars in case they're not
        frm.frmName.value = stripCharsInBag(frm.frmName.value, badChars);
        frm.frmEmail.value = stripCharsInBag(frm.frmEmail.value, badChars);
        return true;
    }
}
</SCRIPT>


<BODY bgcolor="#FFFFFF">
<?php echo $gb_str; ?>

<form name="gb" action="<? echo $PHP_SELF;?>" method="post">
<table cellpadding="3" cellspacing="0" border="0">
  <tr>
    <td class="tdhead" valign="top" align="right">Name</td>
    <td valign="top">
      <input type="text" name="frmName" value="" size="30">
    </td>
  </tr>
  <tr>
    <td class="tdhead" valign="top" align="right">Email</td>
    <td valign="top">
      <input type="text" name="frmEmail" value="" size="30">
    </td>
  </tr>
  <tr>
    <td class="tdhead" valign="top" align="right">Comment</td>
    <td valign="top">
        <textarea name="frmComment" rows="5" cols="30"></textarea>
    </td>
  </tr>
  <tr>
    <td> </td>
    <td><input type="submit" name="submit" value="submit" 
               onClick="return valForm(document.gb)">
        <input type="reset" name="reset" value="reset">
    </td>
  </tr>
</table>
</form>


// Close MySQL Connection
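doupa9062 phpmaster.com/building-your-own-url-shortener is a very good link, and the whole site is a very good source for learning PHP. But it has no front end, so that I can see how things work.
about 8 years ago
dtxw20878 OK, I have now used the MySqli API, but it raises the same error. I reverted the other escaping things.
about 8 years ago
dongrouli2667 Re the escaped quotes in the HTML code: the way you had it, it does not need to be escaped, but the topic would probably be better as a complete separate question rather than trying to fit an answer into the comments here. Re tutorials: try this one: phpmaster.com/building-your-own-url-shortener (it's not a guestbook, but it's a small, complete, self-contained tutorial that builds a complete working system from start to finish using modern best-practice techniques)
about 8 years ago
dream890110 There are some more problems with this code. In some statements, double quotes are backslash-escaped, as in: $gb_str .= "<span class=\"ret\">$ret_str</span><BR>"; the browser has a problem and shows the source code in the window. I changed all the escaped double quotes to single quotes, like $gb_str .= "<span class=\'ret\'>$ret_str</span><BR>"; is there some problem with that?
about 8 years ago
dongtan6336 Well, actually I was looking for a simple tutorial that completes a small project. Most of the other things I found were AJAX etc. I want a kind of pure PHP-MySQL project, to which I can then add and practice the other PHP things I learn. Can you provide a link to such a good project?
about 8 years ago
duanji8615 Overall, I strongly recommend that you stop using that tutorial and find a more up-to-date one that doesn't teach bad practices. I'd suggest some of the articles here: phpmaster.com
about 8 years ago
dqwh2717 4. You are not escaping the input data in your SQL query. This leaves you open to SQL injection attacks. This is very insecure.
about 8 years ago
doushi1974 3. Don't use $HTTP_POST_VARS. This is obsolete in PHP, and has been for a long time. You should use $_POST instead.
about 8 years ago
doufan6886 2. Don't use "short-style PHP tags", i.e. <?. You should always use the longer-style PHP tag: <?php. The short version is considered obsolete and is not supported by some PHP installations. It may be fully deprecated and/or removed from PHP in the future.
about 8 years ago
dongluojiao6322 1. Don't use the mysql_xxx() functions. They are considered obsolete and insecure. The PHP manual strongly recommends switching to the mysqli_xx() functions or the PDO library.
about 8 years ago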
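
What comments 1, 2 and 4 above recommend, applied to the question's insert and list code, as an added example that is not code from the thread. It assumes the first guestbook column is an AUTO_INCREMENT key and that gbDateAdded can be filled with NOW(); h(), field() and $form_action are names introduced here.

```php
<?php
// Added example (not from the thread). Assumption: the first guestbook column
// is an AUTO_INCREMENT key, so the INSERT names only the other four columns.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
$li = new mysqli('localhost', 'root', '', 'myDB');         // values from the question
$li->set_charset('utf8');

// Encode a value for an HTML text or attribute context.
function h($s) {
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}
// Read one POST field as a trimmed string; arrays and missing keys become ''.
function field($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
}

$gb_str = '';
if (!empty($_POST['submit'])) {
    $name    = field('frmName');
    $email   = field('frmEmail');
    $comment = field('frmComment');
    $ok = false;
    if ($comment !== '') { // server-side check; valForm() runs only in the browser
        // Placeholders keep user input out of the SQL text entirely.
        $stmt = $li->prepare(
            'INSERT INTO guestbook (gbName, gbEmail, gbComment, gbDateAdded)
             VALUES (?, ?, ?, NOW())'
        );
        $stmt->bind_param('sss', $name, $email, $comment);
        $stmt->execute();
        $ok = $stmt->affected_rows > 0;
        $stmt->close();
    }
    $ret_str = $ok ? 'Your guestbook entry was successfully added.'
                   : 'Your guestbook entry was NOT successfully added.';
    $gb_str .= '<span class="ret">' . h($ret_str) . '</span><br>';
}

$result = $li->query(
    "SELECT gbName, gbEmail, gbComment,
            DATE_FORMAT(gbDateAdded, '%m-%d-%y %H:%i') AS gbDateAdded
     FROM guestbook"
);
while ($row = $result->fetch_assoc()) {
    // Stored values are untrusted as well: encode them when writing HTML.
    $by = !empty($row['gbName']) ? ' by ' . h($row['gbName']) : '';
    $gb_str .= '<br>' . h($row['gbComment']) . '<p class="small">posted on '
             . h($row['gbDateAdded']) . $by . '</p><hr size="1">';
}
// $PHP_SELF relied on register_globals, which PHP 5.4 removed.
$form_action = h($_SERVER['PHP_SELF']); // use as the form's action attribute
```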





2nd question's answer: you have not assigned the query result to a variable, and mysql_affected_rows is also empty.

$gb_query =     "insert into guestbook
        values(0, '$name', '$email', '$comment', '$date')";

$sql = mysql_query($gb_query);
$res = mysql_affected_rows($sql);

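douwen5833 I created a new file from the same file to implement this post's suggestions; the entries are displayed now, but I still can't insert values. Same error.
about 8 years ago
dongpu42006096 I made these changes, but it still shows no results.
about 8 years ago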

It sounds like the error is caused by the XAMPP configuration blocking the directory. If you are on a development machine and don't care about security, look for a file called httpd.conf in the apache/conf dir under xampp.

You will find a directive in there similar to this:

<Directory />
    Options FollowSymLinks
    AllowOverride none
    Order deny,allow
    Allow from none
    Deny from all
</Directory>

Replace it with this:

<Directory />
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    Deny from none
</Directory>

That makes every file on your root drive accessible to the webserver, which on a development machine is fine (although some are bound to argue the point), but in production is not a good idea at all.
