UnknownSec Bypass 403

: /var/www/cotutilitydash/ [ drwxrwxr-x ]
name : fetch.php <?php //fetch.php include('config.php'); $area= $_POST['area']; $equipment= $_POST['equipment']; $subarea= $_POST['subarea']; $fromdate= $_POST['fromdate']; $todate= $_POST['todate']; $isdel=0; $column = array('consuptiondate','area','equipment', 'subarea', 'totalconsumption'); $query = "SELECT DATE_FORMAT(consuptiondate,'%d-%m-%Y') as consuptiondate,area,equipment,subarea,totalconsumption FROM v_consumptiondetails where area='".$area."' and (equipment='".$equipment."' or '".$equipment."'='') and (subarea='".$subarea."' or '".$subarea."'='') and consuptiondate between '".$fromdate."' and '".$todate."' and isdeleted='".$isdel."'"; if(isset($_POST['order'])) { $query .= 'ORDER BY '.$column[$_POST['order']['0']['column']].' '.$_POST['order']['0']['dir'].' '; } else { $query .= 'ORDER BY consumid DESC '; } $query1 = ''; if($_POST['length'] != -1) { $query1 = 'LIMIT ' . $_POST['start'] . ', ' . $_POST['length']; } $statement = $connect->prepare($query); $statement->execute(); $number_filter_row = $statement->rowCount(); $statement = $connect->prepare($query . $query1); $statement->execute(); $result = $statement->fetchAll(); $data = array(); foreach($result as $row) { $sub_array = array(); $sub_array[] = $row['consuptiondate']; $sub_array[] = $row['area']; $sub_array[] = $row['equipment']; $sub_array[] = $row['subarea']; $sub_array[] = $row['totalconsumption']; $data[] = $sub_array; } function count_all_data($connect,$area,$fromdate,$todate) { $query = "SELECT * FROM v_consumptiondetails where area='".$area."' and consuptiondate between '".$fromdate."' and '".$todate."' and isdeleted='".$isdel."'"; $statement = $connect->prepare($query); $statement->execute(); return $statement->rowCount(); } $output = array( 'draw' => intval($_POST['draw']), 'recordsTotal' => count_all_data($connect,$area,$fromdate,$todate), 'recordsFiltered' => $number_filter_row, 'data' => $data ); echo json_encode($output); ?>