UnknownSec Bypass 403

: /var/www/zenithentcare/stmedicosoftware/prescription/ [ drwxrwxr-x ]
name : showpatient_document.php <?php require_once "../config.php"; session_start(); /*$connect = new PDO("mysql:localhost=3306; dbname=stbookingslotdb", "root", ""); /*function get_total_row($connect) { $query = " SELECT * FROM tbl_webslesson_post "; $statement = $connect->prepare($query); $statement->execute(); return $statement->rowCount(); } $total_record = get_total_row($connect);*/ $limit = '5'; $page = 1; if($_POST['page'] > 1) { $start = (($_POST['page'] - 1) * $limit); $page = $_POST['page']; } else { $start = 0; } $uhid=$_POST['_uhid']; $fileno= $_POST['_fileno']; $query="Select * from patdocumenttb where uhid='". $uhid."' order by id desc"; $query1="Select * from patdocumenttb where uhid='". $uhid."' order by id desc "; $filter_query = $query1 . 'LIMIT '.$start.', '.$limit.''; $statement = $connect->prepare($query); $statement->execute(); $total_data = $statement->rowCount(); $result = $statement->fetchAll(); $statement = $connect->prepare($filter_query); $statement->execute(); $total_filter_data = $statement->rowCount(); if($total_filter_data ==0) { $msg="no record found"; echo $msg; return; } $output = ' <br> <table id="studtable" class="table table-striped table-bordered"> '; if($total_data > 0) { foreach($result as $row) { $output .= ' <tr> <td> <div align="center"> <img src='.$row["pat_imagepath"].' width="150px" height="150px"> <div> <div style="padding: 10px"> <table width="100%"> <tr> <td width="50%"> Id: '.$row["id"].' </td> <td width="50%" align="right"> <button type="submit" id="update" class="btn btn-default" onclick=getimage("'.$row["id"].'")>select</button> </td> </tr> </table> </div> </td> </tr> '; } } else { $output .= ' <tr> <td colspan="3" align="center">No Data Found</td> </tr> '; } $output .= ' </table>'; echo $output; ?>