Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

php ajax - two drop down list with a submit button
i have created a form with 2 drop-down list and a submit button. I would like to know how to pass th

License Issue - service type user
Hi,

I would like to understand the following issue regarding sap license.
I wish to

PHP Directory Listing Not working
Hey Guys,

I need help, I tried a ton of directory listing scripts and they all don't work. Al

Problem writing URL into database
How would I write this into the database?

<?php echo "http://".$_SERVER['SER

Local file browser with php
Halo..

So this is what i want to create. I have a folder that i share and it has many movies.

MYSQL INSERT ID NOT WORKING
Code: $id = mysql_insert_id();
header("Location: ./?view=$id");
Why $id pulling blan

Problem with shopcart code
Hello, I am having a bit of trouble being able to add a product to my shopcart. My mysql database i

Need Help with a query
Hello,
For some reason I am just not getting the right answer when I do this query and not quite

gmdate() - want 1 hr before time
Hi,
I am using php gmdate().
Now I am entering all dates in my dbase using gmdate("Y-m-d

Regarding accessing SQL query issued by any user in Oracle 10g
Hi all,
i want to know the queries issued by various users accessing a database...

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash