Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS; I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', '', $term); // keep ASCII letters, digits and whitespace only

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, =, etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
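
As an added example (not code from the original post or its author), the PHP below runs the poster's whitelist filter next to the two controls that normally settle a question like this: a bound query parameter on the way into the database, and HTML encoding at the point of output. The function names, the products table and the in-memory SQLite catalogue are assumptions made for the example; the input strings are constructed test cases.

```php
<?php
// Added example, not code from the original post. It runs the post's
// whitelist filter next to the two controls that actually bound the risk:
// a bound query parameter on the way into the database and HTML encoding
// on the way back out. Function names and the products table are
// hypothetical; the $inputs below are constructed test strings.

declare(strict_types=1);

// The filter from the post, with \s so whitespace survives as intended.
function filterTerm(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// Before: the search term echoed straight into the page.
function renderSearchBoxUnsafe(string $term): string
{
    return '<input type="text" name="q" value="' . $term . '">';
}

// After: encode at the point of output, for the HTML attribute context.
// ENT_QUOTES covers both quote styles, which matters inside value="...".
function renderSearchBoxSafe(string $term): string
{
    $safe = htmlspecialchars($term, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="q" value="' . $safe . '">';
}

// Database side: the term is bound, never concatenated, and LIKE's own
// wildcards are escaped so "100%" searches for a literal percent sign.
function searchProducts(PDO $db, string $term): array
{
    $pattern = '%' . addcslashes($term, '%_\\') . '%';
    $stmt = $db->prepare(
        "SELECT name FROM products WHERE name LIKE :pat ESCAPE '\\'"
    );
    $stmt->bindValue(':pat', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed in-memory catalogue so the example runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (name TEXT)');
$ins = $db->prepare('INSERT INTO products (name) VALUES (:n)');
foreach (["O'Reilly C++ Pocket Reference", 'Running shoes', '100% cotton shirt'] as $name) {
    $ins->execute([':n' => $name]);
}

$inputs = [
    'shoes',
    '"><script>alert(1)</script>',   // reflected XSS payload
    "' OR 1=1 --",                   // classic injection attempt
    "O'Reilly C++",                  // legitimate search the filter alters
    '100%',                          // LIKE wildcard inside user data
];

foreach ($inputs as $term) {
    echo "input:    {$term}\n";
    echo "filtered: " . filterTerm($term) . "\n";
    echo "unsafe:   " . renderSearchBoxUnsafe($term) . "\n";
    echo "encoded:  " . renderSearchBoxSafe($term) . "\n";
    echo "matches:  " . implode(' | ', searchProducts($db, $term)) . "\n\n";
}
```

Run with `php example.php` (needs the pdo_sqlite extension). The output shows the trade-off in one place: the filter does remove every character a script tag or attribute breakout needs, but it also turns "O'Reilly C++" into "OReilly C", which no longer matches the catalogue, and it does nothing for a value that arrives by another route (a database field, a cookie, a URL parameter on a different page). Encoding each value in the context where it is emitted, and binding it rather than concatenating it into SQL, protects the output regardless of what the input filter let through, so the filter becomes an optional business rule rather than the security control.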
