Securing a user input - need some confirmation
Posted on
16th Feb 2014 07:03 pm by
admin
Hello All,
I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.
I am using this code:
$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);
...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.
Can you confirm this, or is there something that I am missing?
Many thanks
No comments posted yet
Your Answer:
Login to answer
217 
28 
Other forums
Comparing two dates
Hi Guys
I have two dates I want to compare. Below is my current implementation. The problem with
Need help with unexpected T-STRING error
I'm a newbie and I'm still learning PHP. However this error has me stumped. I've googled, searched t
PHP4 to PHP5 Conversion
Hi Everyone,
I am working on a site that is built up on PHP4 and each page is being started f
Question about the upload of large files
Hi there,
I have a question about the upload of large files, like videos (files generally abo
unoconv doc convert to pdf code prob
PHP/5.3.1
Hi. I am trying to use this code to convert docs to .pdf utilizing unoconv. Howe
