Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
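The filter from the post next to output encoding, as an added example that is not part of the original post. It assumes the `\s` escape that the page's extraction dropped (a bare `s` in the character class would keep only the letter s and strip every space), and the payloads are constructed for the demonstration.

```php
<?php
// Added example, not from the original post.
// Two defences for a search term shown side by side: the input allow-list
// filter from the post, and output encoding at the point where the term is
// written into HTML.

// 1. The allow-list filter. Note the '\s' escape: with a bare 's' the class
//    would keep only the letter 's' and strip every space, so "red shoes"
//    would become "redshoes".
function filterTerm(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// 2. Output encoding. ENT_QUOTES encodes both quote styles so the value is
//    also safe inside a quoted attribute such as value="...". This keeps the
//    user's original text intact; it only changes how it is rendered.
function escapeForHtml(string $term): string
{
    return htmlspecialchars($term, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed inputs: two XSS payloads and three legitimate search terms.
$inputs = [
    '<script>alert(1)</script>',
    '" onmouseover="alert(1)',
    'red shoes',
    "O'Brien",   // legitimate input the filter silently mangles
    'café',      // non-ASCII letters are stripped by the filter too
];

foreach ($inputs as $in) {
    printf("input:    %s\n", $in);
    printf("filtered: %s\n", filterTerm($in));
    printf("escaped:  %s\n\n", escapeForHtml($in));
}

// Rendering the term back into the page: encode at output, regardless of
// what was filtered at input, so the value is safe in this attribute context.
$term = $inputs[1];
echo '<input type="search" name="term" value="' . escapeForHtml($term) . '">' . "\n";
```

Run it with `php example.php`. The filtered column shows the trade-off of the regex approach: it does stop the two payloads, but it also rewrites legitimate input such as names with apostrophes or accented letters, and it only protects the HTML body and attribute contexts; a term later dropped into a JavaScript string or a URL would need that context's own encoding. The escaped column leaves every input intact and neutralises the payloads where they are actually dangerous, which is why output encoding is the defence to rely on, with the allow-list as an optional extra.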