Hello All,
I am in the process of recoding a large proportion of an e-commerce site. One of the problems is that there are a few security issues floating around.
I have a search box which was originally unprotected against XSS; I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.
I am using this code:
$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term);
...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, = etc., it should make my script safe again.
Can you confirm this, or is there something that I am missing?
Many thanks
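
An added example, not part of the original post: the allow-list filter from the post applied on input, paired with `htmlspecialchars()` at the point where the term is written back into the page, so the output stays safe even if the filter is later relaxed to permit punctuation. The function names `clean_term` and `html_text` and the sample strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; the regex is the one from the post.

// Input side: allow-list of ASCII letters, digits and whitespace.
function clean_term(string $term): string
{
    $clean = preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
    // preg_replace() returns null on a PCRE error; treat that as "no term".
    return trim($clean ?? '');
}

// Output side: encode for the HTML context the value is written into.
// ENT_QUOTES covers both quote styles, so the result is usable in
// element content and inside a quoted attribute value.
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs, not taken from the site in the post.
$samples = [
    'red shoes',
    '<b>bold</b> "quoted" & more',
    "o'neill jacket",
];

foreach ($samples as $raw) {
    $term = clean_term($raw);
    printf("raw:     %s\n", $raw);
    printf("filter:  %s\n", $term);
    // Filtered term echoed into element content and a quoted attribute.
    printf("html:    <p>Results for %s</p>\n", html_text($term));
    printf("attr:    <input name=\"q\" value=\"%s\">\n", html_text($term));
    // Encoding alone, for a search that must keep punctuation in terms.
    printf("encoded: <p>Results for %s</p>\n\n", html_text($raw));
}
```

The third sample shows the trade-off: the filter turns `o'neill` into `oneill`, while encoding alone keeps the apostrophe and emits it as `&#039;`.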