Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS. I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9\s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, = etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
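
An added example, not part of the original post: it runs the allow-list filter from the question next to output encoding with htmlspecialchars() over a few constructed search terms, so the effect of each on the echoed HTML and on legitimate searches can be compared. The function names strip_term() and html_text() and the sample terms are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.

// The allow-list filter from the post: keep ASCII letters, digits and whitespace.
function strip_term(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// Alternative: leave the term intact and encode it at the point where it is
// written into HTML. ENT_QUOTES covers both quote styles, so the result is
// safe in element content and inside a quoted attribute value.
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample search terms.
$samples = [
    'blue widgets',
    "O'Reilly php & mysql",
    'café table 60x60',
    '<b>sale</b>',
    '"><script>alert(1)</script>',
];

foreach ($samples as $raw) {
    printf("raw      : %s\n", $raw);
    printf("stripped : %s\n", strip_term($raw));   // markup characters removed, term altered
    printf("encoded  : %s\n\n", html_text($raw));  // term preserved, rendered as text
}

// How the encoded value would be used in a results template:
// echo '<p>Results for ' . html_text($term) . '</p>';
// echo '<input type="text" name="q" value="' . html_text($term) . '">';
```

The stripped column shows that the filter removes the characters needed to open a tag or break out of a quoted attribute, but it also changes legitimate terms such as names with apostrophes or accented letters. Encoding at output keeps the term as typed and is applied at every place the value is echoed.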
