Securing a user input - need some confirmation

Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

Your Answer:

Login to answer

Other forums

php redirecting
i wont open a new thread but i have a question about redirecting....
i wonder why my code doesnt

Session
I am having a little trouble with a session. Not sure if it is my browser or what. I know I do not

Scheduler problems related to execution of a single BLT by many schedules
Hello all,

We are running several MII instances in a distibuted architecture using a sing

show the direct link into href
I want to display link on the page. i am fetching the data(URL) from database,actually before that i

import table with dependency
Hi

What is the best way to import table back which has dependency?

SQL> cre

Help to integrate whois Domain Details to website
Hi,

can i know is their any php script r methods to add domain details to my website.

whats wrong with my code please help!!!
this is the error


Warning: mysql_close(): supplied argument is not a valid MySQL-Link res

rename the file
File.txt

Code: ***DOCUMENT***
..DN:
000044255
..CB:
..SN:
..PY:
2009
..E

PHP Thumbnail Creation
Ok so i use this function to create thumbnails:

Code: [Select]function createthumb($name,$fil

Wierd if else problem
Hi guys,

this probably aint wierd for you, but it seems like php is playin up to me. may b i