Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS; I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term); // keep only ASCII letters, digits and whitespace; note the backslash in \s, without it the class keeps the letter "s" rather than spaces

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, = etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

No comments posted yet
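An added example, not from the original post, that puts the whitelist filter above (written with `\s`, which the regex needs so that whitespace rather than the letter "s" is kept) next to context-aware output encoding with `htmlspecialchars`, the standard PHP defence at the point where the term is echoed back into the page. The sample inputs are constructed; the function names are my own.

```php
<?php
// Added example (not from the original post): the poster's character
// whitelist beside output encoding, applied to the same constructed inputs.

// Whitelist filter from the post: keeps ASCII letters, digits and whitespace.
// Everything else, including quotes and angle brackets, is silently dropped.
function whitelistTerm(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// Recommended fix: leave the stored/search value alone and encode it where it
// is written into HTML. ENT_QUOTES also escapes single quotes, so the result
// is safe in single-quoted attributes as well as in element text.
function renderTerm(string $term): string
{
    return htmlspecialchars($term, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    '<script>alert(1)</script>', // markup injection the post describes
    "O'Brien",                   // legitimate search the whitelist mangles
    'café 2014',                 // non-ASCII text the whitelist strips
];

foreach ($samples as $term) {
    printf("input:     %s\n", $term);
    printf("whitelist: %s\n", whitelistTerm($term));   // e.g. "scriptalert1script"
    printf("encoded:   %s\n\n", renderTerm($term));    // markup rendered as text
}
```

The whitelist does stop the echoed HTML, but it also rewrites legitimate queries and protects only this one input; encoding at output covers every value that reaches the page, whatever its source.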
