Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
Trending TodaySee what people are reading
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

How to calculate days from variable date?
This will be easy for one of you gurus. I want to fetch the date from a variable date, for example:<

Significance of BPM
Hi Experts,
I am a novice in BPM , I just want to know how BPM as permenant department is

How to Handle more than one submit button in single form?
Hi
I have one PHP file which contains one Form. In this form there are two Submit type Buttons

Bar charts using Graphical Framework.
I am using Graphical Frameworks(GFW) to create a chart Graphic . There is no problem with the data d

Mysql query, two times?
Hello to all,

I'm new to php coding and i like it alot. I need help with some noob stuff.

How to generate a random array of integers subject to a certain constraint
I am writing a program that asks the user to enter an integer N and then generates a random array of

controlling/creating accounts with privileges
hi all,
i'm trying to figure out how i can create/control account with privileges, for instance a

PHP and Javascript
Hello Everyone,

I have a page that needs a javascript code to be written between PHP code but

ereg_replace issue
hi there people

i have this code happening with regards to my wamp server. is this something

blank page.... nothing is happening.
I'm new to a lot of this but in the last 24hrs have learned a lot.
Installed latest version of my

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash