How to save website links in MySQL database

Data and Databases
1

I’m building a system to manage musician profiles and need to store multiple web addresses for each person. The form has fields for social media profiles like Facebook, Twitter, Instagram etc. I’m having weird issues where some URL fields work fine but others cause server errors.

Here’s my form structure:

<form method="post" action="save_musician.php">
  <input type="text" name="first_name" required>
  <input type="text" name="last_name" required>
  <input type="email" name="contact_email" required>
  
  <input type="text" name="personal_site" size="60">
  <input type="text" name="facebook_url" size="60">
  <input type="text" name="twitter_handle" size="60">
  <input type="text" name="instagram_profile" size="60">
  <input type="text" name="spotify_link" size="60">
  
  <input type="submit" value="Save Profile">
</form>

And the PHP handler:

<?php
$db = mysqli_connect("localhost", "username", "password", "database");

$first_name = mysqli_real_escape_string($db, $_POST['first_name']);
$last_name = mysqli_real_escape_string($db, $_POST['last_name']);
$contact_email = mysqli_real_escape_string($db, $_POST['contact_email']);
$personal_site = mysqli_real_escape_string($db, $_POST['personal_site']);
$facebook_url = mysqli_real_escape_string($db, $_POST['facebook_url']);
$twitter_handle = mysqli_real_escape_string($db, $_POST['twitter_handle']);
$instagram_profile = mysqli_real_escape_string($db, $_POST['instagram_profile']);
$spotify_link = mysqli_real_escape_string($db, $_POST['spotify_link']);

$query = "INSERT INTO musicians (";
$query .= "name_first, name_last, email_contact, ";
$query .= "url_website, url_facebook, url_twitter, ";
$query .= "url_instagram, url_spotify, created_date) ";
$query .= "VALUES ('$first_name', '$last_name', '$contact_email', ";
$query .= "'$personal_site', '$facebook_url', '$twitter_handle', ";
$query .= "'$instagram_profile', '$spotify_link', NOW())";

mysqli_query($db, $query);
?>

The strange thing is it works with one URL but fails with multiple ones. I get 403 forbidden errors when adding URLs to certain fields but not others. Server permissions look fine and error logs show nothing. Anyone know what might cause this?

2

check your db schema - might hit char limits on url columns. that 403 error sounds like a waf issue, not mysql. try url encoding the values before inserting, or switch to prepared statements instead of escaping.

3

I encountered a similar issue while developing a portfolio aggregator. The 403 errors occur because your web application firewall interprets the submission of multiple URLs as a potential injection attack, leading to security rule triggers. I resolved this by transitioning to prepared statements with parameter binding, rather than concatenating input directly into SQL queries. This method not only enhances security but may also resolve your 403 error. I recommend switching to PDO or mysqli prepared statements for better protection and functionality.

4

That’s weird! Could be a mod_security rule getting triggered. Some hosts flag multiple URL parameters as suspicious activity. Try testing with one URL field at a time - does the same field always work while others fail?