Hello All,
I am in the process of recoding a large proportion of an e-commerce site. One of the problems is that there are a few security issues floating around.
I have a search box which was originally unprotected against XSS; I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.
I am using this code:
$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term);
...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, = etc., it should make my script safe again.
Can you confirm this, or is there something that I am missing?
Many thanks
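An added example, not part of the original post: the filter from the question (written with `\s`, as its description implies) run beside output encoding with `htmlspecialchars()` over constructed search terms, to show what each does to markup and to legitimate queries. The function names `strip_term` and `html` and the sample terms are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// The allow-list filter from the post: keep ASCII letters, digits, whitespace.
// Note that \s also keeps tabs and newlines, not only spaces.
function strip_term(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term) ?? '';
}

// Encode at output time for HTML element content and quoted attribute values.
// ENT_QUOTES covers both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample search terms (hypothetical shop queries plus one markup probe).
$samples = [
    'blue widgets',
    "O'Reilly PHP",
    'C++ & C#',
    'café crème',
    '<script>alert(1)</script>',
];

$flags = JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES;
foreach ($samples as $raw) {
    printf(
        "raw:      %s\nstripped: %s\nencoded:  %s\n\n",
        json_encode($raw, $flags),
        json_encode(strip_term($raw), $flags),   // loses ', +, &, #, accented letters
        json_encode(html($raw), $flags)          // keeps the term, neutralises markup
    );
}

// Rendering a results page: the raw term is kept for the search itself
// (passed to the database through a parameterised query, not shown here)
// and is encoded only at the point where it is written into HTML.
$term = $samples[1];
echo '<input type="text" name="q" value="' . html($term) . '">' . "\n";
echo '<p>Results for ' . html($term) . '</p>' . "\n";
```

`htmlspecialchars()` as used here fits HTML body text and quoted attributes; a term written into a JavaScript string or a URL needs the encoder for that context instead, for example `json_encode()` or `rawurlencode()`.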