Hello All,
I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.
I have a search box which was originally unprotected against XSS. I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.
I am using this code:
$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term);
...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, = etc., it should make my script safe again.
Can you confirm this, or is there something that I am missing?
Many thanks
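
An added example, not part of the original post: the allow-list filter from the question combined with HTML encoding at the point of output, so the echoed page does not depend on the filter alone. The function names (`filter_term`, `html`, `render_search_header`), the 100-character limit and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: allow-list filtering on input plus encoding on output.
// Function names, the length limit and the samples are constructed.

/** The filter from the post: keep ASCII letters, digits and whitespace. */
function filter_term(string $term): string
{
    $clean = preg_replace('/[^a-zA-Z0-9\s]/', '', $term) ?? '';
    // \s also matches tabs and newlines, so collapse runs to one space.
    $clean = preg_replace('/\s+/', ' ', $clean) ?? '';
    // Bound the length (assumed limit) before the term is used anywhere.
    return trim(substr($clean, 0, 100));
}

/** Encode a value for an HTML text node or a quoted attribute value. */
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the search header; every dynamic value is encoded when echoed. */
function render_search_header(string $rawTerm): string
{
    $term = filter_term($rawTerm);
    return '<h2>Results for "' . html($term) . '"</h2>'
         . '<input type="text" name="q" value="' . html($term) . '">';
}

// Constructed sample inputs: plain text, markup and quotes, an apostrophe
// in a legitimate name, and mixed whitespace.
$samples = [
    'red shoes',
    '<b>bold</b> "quoted" term',
    "O'Neil wetsuit",
    "line\nbreak\tand   spaces",
];

foreach ($samples as $raw) {
    printf("%-32s => %s\n", json_encode($raw), render_search_header($raw));
}
```

The filter also alters legitimate searches (the apostrophe in the third sample is dropped), which is the cost of a strict allow-list. `htmlspecialchars()` as used here covers HTML text and quoted attribute values only; a value placed inside a script block or a URL needs the encoding for that context.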