Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out characters like ', ", <, >, /, =, etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
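
The following is an added example, not the poster's code, that puts the whitelist filter from the post beside context-aware output encoding with htmlspecialchars(), which is the defence that protects the point where $term is echoed back into HTML; the search terms and the renderSearchBox() helper are constructed for illustration.

```php
<?php
// Added example (not from the original post): contrasts character stripping
// with context-aware output encoding at the point where $term is echoed.
declare(strict_types=1);

// The filter as intended by the post: keep letters, digits and whitespace.
// The backslash matters: '[^a-zA-Z0-9s]' would strip spaces and only
// (redundantly) allow the letter 's'.
function stripToAlnum(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// Output encoding: makes any string safe inside an HTML text node or a
// quoted attribute value, without changing what the user searched for.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample search terms (hypothetical input).
$samples = [
    'red shoes',            // ordinary query
    "O'Neill jacket",       // legitimate apostrophe, lost by stripping
    'café',                 // non-ASCII, lost by stripping
    '<b>bold</b> term',     // markup that must not be rendered
];

foreach ($samples as $term) {
    $stripped = stripToAlnum($term);
    $escaped  = escapeForHtml($term);
    printf("input:    %s\nstripped: %s\nescaped:  %s\n\n", $term, $stripped, $escaped);
}

// Hypothetical rendering of the term back to the page: escape at the output
// point, and do it everywhere the term appears (attribute value and text node).
function renderSearchBox(string $term): string
{
    $safe = escapeForHtml($term);
    return '<input type="text" name="term" value="' . $safe . '">'
         . '<p>Results for: ' . $safe . '</p>';
}

echo renderSearchBox('<b>bold</b> term'), "\n";
```

The stripping filter and the encoder are not alternatives: the filter narrows what the search accepts, while the encoder is what keeps the echoed value from being parsed as markup.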
