Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, and one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS; I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term); // keep letters, digits and whitespace (\s); drop everything else

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, = etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

No comments posted yet
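As an added example (not code from the original post), the following PHP contrasts the whitelist filter from the question, with its whitespace class written as \s, against escaping the term with htmlspecialchars at the point where it is echoed; the input strings and the two render functions are constructed for the demo:

```php
<?php
// Added example, not from the original post: the strip filter from the
// question beside context-aware output encoding, the fix that addresses
// reflected XSS no matter which characters reach the page.

// 1. The filter from the question, with the intended \s (whitespace) class.
//    It keeps letters, digits and whitespace and drops everything else.
function stripToAlnum(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// 2. Output encoding: leave the term intact and escape it where it lands
//    in HTML text or a double-quoted attribute. ENT_QUOTES also escapes '.
function htmlEscape(string $term): string
{
    return htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 3. The reflected echo the question describes (term shown in a text node
//    and pre-filled into the search box), rendered both ways.
function renderResults(string $term, bool $encodeAtOutput): string
{
    $shown = $encodeAtOutput ? htmlEscape($term) : stripToAlnum($term);
    return '<p>Results for: ' . $shown . '</p>'
         . '<input type="text" name="q" value="' . $shown . '">';
}

// Constructed inputs: the classic XSS probe and a legitimate search term.
$inputs = [
    '<script>alert(1)</script>',
    "O'Reilly's \"PHP & MySQL\" 2nd ed.",
];

foreach ($inputs as $term) {
    echo "Input:  $term\n";
    echo "Strip:  " . renderResults($term, false) . "\n"; // scriptalert1script
    echo "Encode: " . renderResults($term, true) . "\n\n"; // &lt;script&gt;...
}
```

Stripping does remove the characters the poster lists, but it also mangles legitimate searches such as O'Reilly and only protects the one field it is applied to; encoding at output covers every place the term is rendered.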
