UnknownSec Bypass 403

: /var/www/zenithentcare/stmedicosoftware/prescription/ [ drwxrwxr-x ]
name : curd_dosage_remark.php <?php session_start(); require_once "../config.php"; $msg=""; $creationdatetime = date("Y-m-d H:m:s"); $type=""; $dosage=trim($_POST['dosage']); $dosageremark=trim($_POST['dosageremark']); $id= $_POST['id']; $userid= $_SESSION['userid']; $btnopration= $_POST['btnopration']; $identifier= $_POST['identifier']; $gnotdeleted=0; if($btnopration=="SAVE") { $query="select * from dosageremarktb Where dosage='".$dosage."' and isdeleted='" . $gnotdeleted . "'"; $cnt= get_noof_rows($conn,$query); if($cnt==0) { $query="insert into dosageremarktb(type,dosage,englishdosage,isdeleted,userid,creationdatetime) values('".$type."','".$dosage."','".$dosageremark."','".$gnotdeleted."','".$userid."','".$creationdatetime."')"; $result=insertrecord($conn,$query); if($result==true) $msg="Record save successfully"; else $msg="There is problem to save Record"; } else { $msg="Record is already exist"; } } else if($btnopration=="UPDATE") { $query="select * from dosageremarktb Where id!='".$id."' and dosage='".$dosage."' and isdeleted='" . $gnotdeleted . "'"; $cnt= get_noof_rows($conn,$query); if($cnt==0) { $query="Update dosageremarktb set type='" .$type. "',dosage='" .$dosage. "',englishdosage='" .$dosageremark. "' where id='".$id."'"; $result=updaterecord($conn,$query); if($result==true) $msg="Record update successfully"; else $msg="There is problem to update Record"; } else { $msg="Record is already exist"; } } else if($btnopration=="REMOVE") { $query="Update dosageremarktb set isdeleted='".$gdeleted."' where id='".$id."'"; $result=updaterecord($conn,$query); if($result==true) $msg="Record delete successfully"; else $msg="There is problem to delete Record"; } echo json_encode ($msg); ?>