Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

I need an iframe that calls up a different page according to the date
hi

I don't know any php (only html) and I urgently need to do the following:

I need a

Populate drop down list from table??
Lets say for arguments sake that i have a table which contains the numbers 1 to 10.
How can i get

VAT
how should I deal with VAT?

if I have a product that costs £5.00 and VAT @ 17.5% (£0.87

Show specific day of the week
I have been racking my brain trying to get this function to work properly and it is doing so for eve

php automatically escaping single quotes
I'm trying to test out my security a bit and I've noticed that php is escaping my single quotes. For

SAP BCS. BPS
Hi all,

I am seeking reading note on the following in BW

BCS, BPS
ADVANCE

TabControl Inside ListView Not Editing
Hello everybodyI have a ListView on my page. Inside the ListView I put a TabControl, cuz I want to p

help understanding hidden input w/ php
hello i'm doing a tutorial where there are multiple forms for an edit page for a user to update thei

Need help-Error istream header declaration
Hi Everyone ,

I am having issue with istream declaration. I am new to C programming.
can a

if description does not contain the following words
Hello everyone,

I am parsing a MS Excel (.xls) file and adding it's content to a mySQL databa

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash