Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term); // keep only ASCII letters, digits and whitespace

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, =, etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
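
An added worked example, not code from the original post or from the poster's site: it runs the posted allowlist filter side by side with the approach most practitioners would reach for instead, output encoding with htmlspecialchars() at the point where the term is echoed into HTML. The function names and the sample search terms are constructed for this illustration; nothing here comes from the poster's code base.

```php
<?php
declare(strict_types=1);

// The filter from the post: keep ASCII letters, digits and whitespace,
// drop everything else (including ' " < > / = and any non-ASCII byte).
function allowlistFilter(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term) ?? '';
}

// Contextual output encoding: the raw term is kept as the user typed it
// and is encoded for an HTML body or double-quoted attribute when echoed.
// ENT_QUOTES encodes both ' and ", ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function escapeHtml(string $term): string
{
    return htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs (not taken from the original post): two XSS
// probes, a surname with an apostrophe, a non-ASCII word and a percent sign.
$samples = [
    '<script>alert(1)</script>',
    '" onmouseover="alert(1)',
    "O'Neil",
    'café',
    '100% cotton',
];

foreach ($samples as $raw) {
    printf("raw:      %s\n", $raw);
    printf("filtered: %s\n", allowlistFilter($raw));
    printf("encoded:  %s\n", escapeHtml($raw));
    echo "---\n";
}

// Rendering the search form and result heading. The encoded value is what
// gets echoed; the raw value never reaches the page unencoded.
$term = $samples[1];
echo '<input type="text" name="q" value="' . escapeHtml($term) . '">' . "\n";
echo '<p>Results for: ' . escapeHtml($term) . '</p>' . "\n";
```

Running this shows the trade-off. The allowlist does remove every character needed to break out of an HTML text node or a quoted attribute, so for that context it does what the poster expects, but it is lossy: "O'Neil" becomes "ONeil", "café" becomes "caf" (the pattern is byte-based without the /u modifier, so both bytes of é are dropped) and "100% cotton" becomes "100 cotton", which silently changes what the user searched for. The encoding route leaves the term intact for the search itself and neutralises the same characters only where they matter, in the HTML. Whichever is used, the term still has to be handled separately for any other sink it reaches, for example a prepared statement if it goes into a database query.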
