Securing a user input - need some confirmation

Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

Your Answer:

Login to answer

Other forums

weeks in a year
hi,

i found this snippet on php.net
QuoteFor the week number for weeks starting on Sunday:

Track downloads' status
Hello,

I need to make somehow, some system, to track whether downloads are completed or faile

Amend code to allow multiple attachments
Hi

I have a php page that allows the user to browse to a file (image) then sumbit, the confi

PHP Cannot redeclare class
I have 6 files, and two of them do not seem to want to play well. I keep getting a "Cannot rede

question about stripslashes and real_escape_string
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I hav

Mail from PHP form not always ending up in my inbox?
Hi guys,

I'm a real newbie to PHP and have managed to put together a simple mail form that se

styling a RadioButtonList
HiI need to have a radio button and close to it, its lable, then a space then another set of those.

Rand() help needed
Hi all,

Can someone explain and give me a quick example of how I would go about this?

Port scanner problem
Hai
recently i developed one app through which u can check the opened and closed ports under an

Multiple upload and Resize
I would like some help on my script I have the for my index.php

////

<html&