Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Problems generating word documents on server side for security reasons
I have a problem with word documentation generation when generating a word document (docx) with PHP.

multipart emiail forms
Hi All,

I am new to the boards and I've been working on a form (which is rather massive, imo

unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_
Can anyone view my code and tell me why im getting the error:
Parse error: syntax error, unexpect

Displaying Site Logo/Icon on a Title tag
really need some help out here. I want to insert a Logo/Icon just like the one close to the "PH

Passing an array of values From VB6.0 to Oracle PL/SQL Function
Basically we are using VB6.0.

When we try to pass an array from VB6.0 to an Oracle PL/SQL

Simultaneous select/update/insert
Hi

How would I need to go about when 2 users update a single row simultaneous? And how would

Help with some dates
I have a list of dates in an array:

$mondays = array(
strtotime("October 12, 2009

Need Reporting Advice
My SQL server doesn't support MS SQL reporting services that comes with SQL Enterprise or Express. T

Multi Level Array Problem
hi all,

For example I have array like below:

$temp = array(array('north america', 'us'

ALV List Display to point to another report on Double Click
Hi,

I want my ALV List Display to point to another report on Double Click on its line ite

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash