Securing a user input - need some confirmation

Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

Your Answer:

Login to answer

Other forums

trim function issues
Hi guys, total noob here...

So I've been tinkering around with a html and am using php to em

generating all possible random letters
hi'

how can i randomize the letters a,b,c,d,e all possible ways, and i want to print the res

Else statement screws up all css
Does anyone know what goes wrong in the process with this php code?
This code seems to be causing

Cannot Display Array from Select Statement + Login question
Hi,
I'm new to PHP but so far so goog. I was assigend a project and I'm very close to completion.

Parse error: syntax error, unexpected T_ELSEIF in /home/......html/item.php on l
I do not know what is wrong with this. Hope some one can help. I do nto want to post the entire site

File upload issues
Hi Guys,

Can anyone see any issues with this code:
Code: [Select]$setImage= 'productimages

ldap connection
We are using ldap to get user information from the domain controller. It was working before. Recentl

array_diff weirdness
I'm using the following bit of code

$diff = array_diff($pids, $pidlist);
$diff = array_va

my code does not work.
I have a code problem.

Quote"<a href=index.php?gogo=ureticidetay&'?l={$le

foreach iterator
Hi Guys
Does the foreach loop have an inbuilt iterator ?