Securing a user input - need some confirmation

Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

Your Answer:

Login to answer

Other forums

adding up might be solved tell us cheers.
i think i finally solved this anybody.

last time i was getting the wrong results.

Code

Embed Video Problem
Hey, thanks for looking!

File to be embedded:

Code: <playlist version="1&q

array empty
Hiya peeps,

Ok here is the codes.

order.php

Code:

I apologise! It's a newbie to PHP feedback form problem!
Hi,

I am a total newbie to PHP. I am also a unemployed and need to get a job. So after 100% r

php form help
Hey,

I use a control file to set my meta tags and titles

Here's an example
Code: &a

Filename like the user name
I am creating a form and storing the values in file. Could anyone please tell me how to write a code

Populate drop down list from table??
Lets say for arguments sake that i have a table which contains the numbers 1 to 10.
How can i get

form help
this doesn't work. i want the form action to go the location.href of the submit button chosen.. how

Basic Forum Tutorial
Hi, I'm new to PHP. I want to build a basic forum for my site using PHP and MySQL. I've searched t

Undefined offset
The following script checks to see if the user answer matches the correct answer.

Form Fiel