Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS; I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term); // keep letters, digits and whitespace; drop every other character

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, =, etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
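As an added illustration (not the poster's code), the script below runs the whitelist-stripping regex from the question next to the other standard defence for this bug, output encoding with htmlspecialchars(), over a few constructed search terms. Stripping does remove the characters a reflected XSS payload needs, but it also silently rewrites legitimate queries such as O'Neil or C++; encoding at the point of output preserves the term and is safe for both element content and quoted attribute values. The function names and sample inputs are assumptions made for the example.

```php
<?php
// Added example, not the poster's code: contrasts the whitelist-strip
// regex from the question with context-aware output encoding.

// 1. The approach from the question (with \s so whitespace survives):
//    an input filter that deletes every character outside the whitelist.
function stripToAlnum(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// 2. Output encoding: keep the raw term and escape it where it is
//    placed into HTML. ENT_QUOTES covers single and double quotes, so
//    the value is also safe inside value="..." attributes.
function htmlEncode(string $term): string
{
    return htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: one hostile term and two legitimate search
// terms that a shop's search box should accept unchanged.
$samples = [
    '<script>alert(1)</script>',
    "O'Neil",
    'C++ tutorial',
];

foreach ($samples as $raw) {
    $stripped = stripToAlnum($raw);
    $encoded  = htmlEncode($raw);

    echo "raw:      $raw\n";
    echo "stripped: $stripped\n";
    echo "encoded:  $encoded\n";
    // The two contexts a search results page typically echoes into.
    echo "html:     <p>You searched for: $encoded</p>\n";
    echo "attr:     <input name=\"q\" value=\"$encoded\">\n\n";
}
```

Run it with `php example.php`. The stripped versions show the side effect of filtering on input: the hostile sample collapses to `scriptalert1script` (harmless, but the same happens to `O'Neil`, which becomes `ONeil`, and to `C++ tutorial`, which becomes `C tutorial`, so the database is searched for a different term than the one the user typed). The encoded versions keep every character and render as inert text. Encoding is specific to the HTML body and attribute contexts used here; a term placed into a JavaScript string, a URL or a SQL query needs the escaping or parameterisation appropriate to that context instead.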
