Hello All,
I am in the process of recoding a large proportion of an e-commerce site. One of the problems is that there are a few security issues floating around.
I have a search box which was originally unprotected against XSS; I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.
I am using this code:
$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term);
...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, = etc., it should make my script safe again.
Can you confirm this, or is there something that I am missing?
Many thanks
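
Added example, not part of the original post: the filter from the post run over constructed search terms, next to escaping at output time with htmlspecialchars(), to show what each does to the same input. The function names and sample terms are assumptions made for illustration.

```php
<?php
// Added example: allow-list filtering vs. escaping at output time.
// filter_term(), html_escape() and the sample terms are constructed here.

// The filter from the post: keep only ASCII letters, digits and whitespace.
// Note that \s also lets tabs and newlines through, not just spaces.
function filter_term(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term) ?? '';
}

// Escape a value for an HTML text node or a quoted attribute value.
// ENT_QUOTES covers both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed search terms: ordinary input plus input containing markup.
$samples = [
    "blue widgets",
    "O'Neill wetsuit",       // apostrophe is removed by the filter
    "usb-c cable 2m",        // hyphen is removed by the filter
    "café table",            // non-ASCII bytes are removed by the filter
    "<b>bold</b> & \"quoted\"",
];

foreach ($samples as $raw) {
    printf("raw:      %s\n", $raw);
    printf("filtered: %s\n", filter_term($raw));
    printf("escaped:  %s\n\n", html_escape($raw));
}

// When echoing the term back into the page, escape at the point of output.
// The filter is tied to one use of the value; the same variable written into
// a different context (URL, JavaScript, SQL) needs that context's encoding.
$term = $_GET['q'] ?? '';
echo '<input type="text" name="q" value="' . html_escape($term) . '">' . "\n";
echo '<p>Results for: ' . html_escape($term) . '</p>' . "\n";
```

The filtered column shows the cost of the allow-list for a shop search (names, hyphenated product codes and accented words are altered), while the escaped column keeps the user's term intact and renders it as text.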