I’m creating a form where the user should be able to enter any text (used to change articles on the site). HTML, JavaScript or literally anything is allowed to be typed in and posted, and so far everything worked. But today I suddenly got this strange error.
When I try to save text with HTML to a MySQL database like this:
<a href="http://www.google.com/">google</a>
nothing goes wrong, but when I try it like this:
<img src="http://www.google.com/" />
The page does not load (forbidden error) and the database does not contain any of the text it should contain (the HTML).
Instead the page shows the following error:
Forbidden
You do not have permission to access this document.
The same problem occurs when I try to post the following data:
src="http:
Why do I get a forbidden error when the post contains that specific piece of text? What's going on here?
Code I’m using:
<?php
if ($_SERVER['REQUEST_METHOD'] == "POST" && !empty($_POST['save'])) {
    $text  = mysql_real_escape_string($_POST['textarea']);
    $title = mysql_real_escape_string($_POST['title']);
    $query = "INSERT INTO articles (text, title) VALUES ('" . $text . "','" . $title . "')";
    mysql_query($query); // run the insert (the old mysql_* extension the question uses)
}
When I remove the MySQL query I still get the error so it has nothing to do with the database. PHP safe mode is on, could that make a difference?
How can this be fixed?
Edit: Tried the complete application on my XAMPP server and it did not show the error, but on my hosting server I use the script in a password protected folder. Could that be the problem? Anyway, I’m going to contact my hosting company.
It sounds a bit like mod_security, switched on and in its most aggressive mode, and it thinks you’re trying to hack the site. The reason I say it only sounds a bit like that is because no-one should normally configure it to check POST data because that causes far too many false positives. But check the error log(s) as it will probably be listed there if it’s that. If so you’ll need to turn it off in the hosting settings or nag your host to do it.
Also try a bare minimum script:
<?php var_dump($GLOBALS); ?>
to see if the data reaches PHP at all.
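A version of the save handler from the question that combines the answer's "did the POST reach PHP at all?" check with a prepared statement, added here as an example and not the asker's or answerer's own code. It assumes PHP with PDO and the MySQL driver, the same articles (text, title) table as in the question, and placeholder database credentials.

```php
<?php
// Added example, not code from the question or answer. APP_DB, APP_USER and
// APP_PASSWORD are placeholders; replace them with your own settings.

// 1. Record that the request reached PHP. If a POST containing src="http:
//    never produces this log line while other POSTs do, the request was
//    rejected before PHP ran (for example by mod_security), not by this script.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $titleLen = isset($_POST['title']) ? strlen($_POST['title']) : 0;
    $textLen  = isset($_POST['textarea']) ? strlen($_POST['textarea']) : 0;
    error_log("article form POST reached PHP: title_len=$titleLen text_len=$textLen");
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['save'])) {
    $pdo = new PDO(
        'mysql:host=localhost;dbname=APP_DB;charset=utf8mb4',
        'APP_USER',
        'APP_PASSWORD',
        array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)
    );

    // 2. The article body (HTML, JavaScript, anything) is passed as a bound
    //    parameter, so it needs no escaping for the SQL layer and cannot change
    //    the statement. Storing raw HTML is the feature here; how the stored
    //    text is later rendered is what decides the XSS exposure.
    $stmt = $pdo->prepare('INSERT INTO articles (text, title) VALUES (:text, :title)');
    $stmt->execute(array(
        ':text'  => isset($_POST['textarea']) ? $_POST['textarea'] : '',
        ':title' => isset($_POST['title']) ? $_POST['title'] : '',
    ));
}
```

Compare the web server's error log with the PHP error log after posting the <img src="http://www.google.com/" /> sample: a 403 in the server log with no "reached PHP" line points at the server-side filter rather than the script.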