Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Do something every fifth time?
I'm trying to write a loop, but I want it to do something different after every fifth instance. Like

extending tidy
I have problem with type-hinting and extending tidy. This code creates error:
Code: class cMyTidy

Record count of entire database
Does anyone know if there is a way to obtain the number of records in each table of the database usi

Google voice
I currently have a form in html, but I want it in php so the information is not in the source code.<

MySQL Does not UPDATE- SQLString Problem
vb Syntax (Toggle Plain Text) 1. SQL = "UPDATE sampletable SET column1 = 'C1sample1'"

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Google+ Indyaspeak @ Pinterest RSS