Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Problem in String replace program's output
Hi all,
I was trying to make a program which accepts a string and replaces it with another stri

Transferring session variables into MySQL
I am trying to transfer $_SESSION variables into MySQL. However there is an error in my MySQL statem

Got A Free Server :(
So I was given a free server

http://shopping.yahoo.com/p:Compaq%20ProLiant%201500%20Server:1

SAP Management Console is blank
Dear All ,

I am facing problem in my des sever suddely in SAP Management Console is blank and

Problem Dereferencing
With these types and tables:

CREATE TYPE MANAGER AS OBJECT (
MGR_ID INTEGER,

my sql select id and then update problem.
I need to select some auto incremented ids out of a database and then use those id in a where statem

Time script, set to my time zone?
I am using this line to get the date and time

Code: $time = date(F." ".d.", &q

help need on ob_start()
Hi

I am a newbie in php, I have a code
Line number On/Off | Expand/Contract <?phpo

how to read and write into a word document using php...?
hi,
I need,reading and writting into a word document using php.




Thank u inadva

MySQL Primary key gap
Alright, so I have a table with 26 entries in it (id, filename, caption) for my image randomiser (ht

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash