Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

highlighting search terms
well, I started this in the regular PHP section, but it no longer fits there. Suffice it to say, I'm

matching numbers inside ( )
I know I can match numbers by just [0-9]+, so I thought matching numbers inside ( ) would be somethi

Add weeks in a query?
I have a SQL that summarizes the quantity per week. The weeks that has no value does not exist in th

Values disappear from my array :( HELP!
hey all, I have a lil mysql/php/apache script that queries a database
and pulls put 5 integers.

LIMIT $start, 10... how to pass last value queried into next page with GET??
Ok I know how to display the first or last 10 results of a query...

$result = mysql_query(&q

Change snippet to use CURDATE
I am using time() in the snippet below, I would like to use CURDATE() and have the database setup fo

php/mysql problem
Hey all,

Problem: im trying to setup a shop where people can use a drop-down list to select t

Thought I has this figured out especially after all the help i received?
Cags, Salathe, Daniel helped me with this yesterday, but not sure i took it all in.
I am attempti

Saving data from a form into a file
Hey everybody,

Sorry, I am really new to PHP coding and such but a project kind of got thrust

Sending a hyperlink through mail
HI all,
I am sending a mail to outlook mailbox of a user using FM SO_NEW_DOCUMENT_ATT_S

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash