Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Windows Authentication
I have a website which is windows authenticated.
now i want something more on this application.<

UDP server recvfrom() always returns -1? :(
Hello all,
I am getting a very strange error in my code :( I am writing a server application in C

Sending UDP Raw socket
I truly need help on this. I am trying to write a test program that simulate a network environment

upgrade from 4.7 to ECC 6.0
Hi all,
we are going to do an upgrade from R/3 4.7 to ECC 6.0. I need to know if i can find som

PHP MySQL Return Results Issue
Hi guys,

I'm running joomla and made a module which is using ajax.
Basically i just have a

Echoing a Variable from a Object
How do I get a variable from the new User Class to echo out in this clasS?

class MyApp
{

tell csv import script to ignore blank rows?
Hi i have the below script but i get an error if a row is blank ie a return in the csv file at the e

How to show the difference between two data field in a database with php.
Hello php gurus,

how r u all... i'm not so well facing a typical problem please help me...<

need to add "sizes" to shopping cart
Hey guys, I am trying to figure out a way to add a "size" selector on to this bit of code.

Oracle11g Patch issue
Hi all,

I'm getting the following error while installing Oracle11g Patch 11.1.0.7.0 on IBM-AI

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash