Securing a user input - need some confirmation

Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

Your Answer:

Login to answer

Other forums

array ...
hi
Code: function formatCategories($categories, $parentId)
{
// $navCat stores all child

Displaying image from database
Hi,

I've got a site where that's got a database behind it. Currently it has loads of items in

Procedural to OOP
ohn Kleijn said that to avoid writing "crappy code", we should learn OOP and common OO pri

PHP hyperlinks generator - HELP plz
Hi

I need some help to get this done using php:


1 - I have few hyperlinks say 500

Display Database
I need to create a shopping cart. I found this code online: http://conceptlogic.com/jcart/
Unfort

PHP Code To Change Font Color in Table Cell
I would appreciate help with the following snippet of my php code. I am just trying to change the f

Line break?
Hi, I'm new to the forum and new to php. I'm not sure if I'm using the correct terminology so here i

Hi, explode and strstr.
Hi, I seem to be confused about the strstr function, eg. i have a string like:
"a.b.c.d.e.f&

How to make a mail Form secure?
I want to create an email Form on my web site. How can I make the Form secure so the submitted info

Multi Level Array Problem
hi all,

For example I have array like below:

$temp = array(array('north america', 'us'