Hello All,
I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.
I have a search box which was originally unprotected against XSS; I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.
I am using this code:
$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term); // \s keeps whitespace; without the backslash only the letter "s" would survive
...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.
Can you confirm this, or is there something that I am missing?
Many thanks
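As an added example (not the poster's code, and not from the original thread), here is the whitelist filter as posted, with the `\s` restored, next to the defence that actually removes the XSS: encoding the value at output time for the context it is inserted into (HTML text, HTML attribute, or a JavaScript string). The function names `whitelist_term`, `h` and `js` and the two sample inputs are assumptions made for the example.

```php
<?php
// Added example, not code from the original post.
// Contrast a character whitelist with contextual output encoding.

// The filter as the post intends it (\s so that spaces survive).
function whitelist_term(string $term): string {
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// Encoding for an HTML text node or a double-quoted attribute value.
// ENT_QUOTES also encodes single quotes, so the same helper is safe in
// single-quoted attributes; ENT_SUBSTITUTE stops an invalid UTF-8 byte
// from turning the whole string into "" (which would silently hide input).
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encoding for a value placed inside an inline <script> as a JS string.
// htmlspecialchars() is NOT enough here; json_encode with the HEX flags
// produces a quoted literal that cannot close the string or the script tag.
function js(string $s): string {
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE
    );
}

// Constructed inputs (assumed for the example): an attack string that
// breaks out of an attribute, and a legitimate search a customer might type.
$attack  = '"><script>alert(1)</script>';
$genuine = "O'Reilly C++ 100% cotton";

// 1. Whitelist only: the attack is neutralised, but so is the genuine query,
//    which loses its apostrophe, the "++" and the "%" and no longer matches
//    the product names the customer was looking for.
echo "whitelist(attack):  " . whitelist_term($attack)  . "\n";
echo "whitelist(genuine): " . whitelist_term($genuine) . "\n";

// 2. Encode on output: every character is kept, so the search still works,
//    and the browser sees the attack as inert text in each context.
foreach ([$attack, $genuine] as $term) {
    echo '<input type="search" name="q" value="' . h($term) . '">' . "\n";
    echo '<p>Results for ' . h($term) . '</p>' . "\n";
    echo '<script>var lastQuery = ' . js($term) . ';</script>' . "\n";
}
```

Run it with `php example.php` and compare the two sections of output: the whitelisted lines show how much of a real query is thrown away, while the encoded lines show the same attack string rendered harmlessly in an attribute, a text node and a script block. The whitelist is not wrong as defence in depth, but it is the encoding step that makes the page safe regardless of what the filter missed (for example a later change that lets "-" or "&" through).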