Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Need help with simple code, back and forward buttons.
Basically, I have a set of pages in a folder, which have the title somephrasehere_09.php, somephrase

Using Microsoft Exchange Server with PHP
Hi,

I wanted to know if its possible to fetch email attachments from the exchange server usin

Help With editting and deleting form
Hallo !!

So look at this image :

http://img194.imageshack.us/img194/8272/snapshot5f.pn

help with php
It's not displaying or pulling anything out of the database.


Code: <html><

$get problem
Hi Guys ...

can you please tell me what i am doing wrong here
Code: <?php

How do I use ValidatorCallout extender in Login control?
Hi,I'd like to customize the look and feel of the login control a little bit. One thing I'd love to

connect() succeeds but accept() does not?
Please help me with this problem. I'm working on a time-sensitive project where I'm using TCP socket

Array becomes unset by itself?
Hi,

I have a bit of experience with PHP but not extensive. It seems I cannot store any items

file_put_contents and createimagefromjpeg
All,
I do somethings and then I have the following code:
file_put_contents('./test/'.$filename

Displaying returned XML in another PHP page
I have an online payment form that will return XML given if a payment is successful or declines. I

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash