Hello All,
I am in the process of recoding a large proportion of an e-commerce site. One of the problems is that there are a few security issues floating around.
I have a search box which was originally unprotected against XSS. I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.
I am using this code:
$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term);
...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, = etc., it should make my script safe again.
Can you confirm this, or is there something that I am missing?
Many thanks
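An added example, not part of the original post: it runs the post's allow-list filter over constructed search terms to show what it removes (markup, but also apostrophes, ampersands and non-ASCII letters) and what it keeps (`\s` keeps tabs and line breaks as well as spaces), next to encoding the term with `htmlspecialchars()` at the point where it is written into the page. The helper names `filter_term` and `html_out`, the parameter `q` and the file name `search.php` are assumptions.

```php
<?php
// Added example: helper names are hypothetical, sample inputs are constructed.

// The allow-list filter from the post (letters, digits, whitespace only).
function filter_term(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term) ?? '';
}

// Encode a value for an HTML text node or a quoted attribute value.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: a plain term, legitimate punctuation, a non-ASCII
// term, markup, and a term with an embedded line break.
$samples = [
    'red shoes',
    "O'Reilly & Sons",
    'café 50%',
    '<b>bold</b>',
    "line1\r\nline2",
];

foreach ($samples as $raw) {
    printf(
        "raw:      %s\nfiltered: %s\nencoded:  %s\n\n",
        json_encode($raw),
        json_encode(filter_term($raw)),   // what the search would receive
        json_encode(html_out($raw))       // what the page would contain
    );
}

// Rendering the search box: encode where the value is output, whatever
// filtering happened earlier, and quote the attribute so the encoding holds.
$term = $_GET['q'] ?? '';   // 'q' is an assumed parameter name
?>
<form action="search.php" method="get">
  <input type="text" name="q" value="<?= html_out($term) ?>">
</form>
<p>Results for: <?= html_out($term) ?></p>
```

`htmlspecialchars()` covers HTML text and quoted attribute values; a term written into a script block or a URL needs the encoding for that context instead.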