Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Issue Parsing XML into table
Hello all,

Im a bit new to php and new to phpfreaks. But thanks in advance for the help!
<

Help with usergroups? prolly really quick
So were coding our own forums for a game system we made an we have the users level setup but now I n

While Problem
i am having a problem with a while statement here is the code
Code: [Select]<?php
sess

Mysterious Timeouts
I've deployed a few simple AJAX-enabled web page to a local server that is accessed through the Inte

close site for maintenance
i get a tutorial, saying the following code can put our site offline, and only the developer can vie

Record count of entire database
Does anyone know if there is a way to obtain the number of records in each table of the database usi

Is there a more efficient way to code this than what I have?
I have three associative arrays.

$combinedSettings
$userSettings
$defaultSettings

Query failed issue with php script but works fine in mssql manager!
hi i have the script below which copies data from one table to another but will only insert new data

small inaccuracies
I have this code to convert fractional base 10 into base 2:

while($num > 0)

I apologise! It's a newbie to PHP feedback form problem!
Hi,

I am a total newbie to PHP. I am also a unemployed and need to get a job. So after 100% r

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash