Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Please help with SMTP Authenticated PHP Email Form
Hello, I'm creating a PHP email form, and for this particular server, I have to use SMTP Authenticat

mySQL and PHP search
Hello,
I am trying to code a project and ran into a brick wall with one of my pages. I am pretty

Error with Font and imagettfbbox
I keep getting an error that says "Warning: imagettfbbox() [function.imagettfbbox]: Could not f

PHP code needed to get/post form fields and request mysql query results.
I'm new to PHP

I've created an html form to allow the user to request a basic telephone dire

Display the user's weight lost in the past week
Hello everyone,

I am working on a weight loss app for my site, and I want to display the user

Material xxx does not exist in plant xxx
Dear All,

I am working for a steel project which is repetitive manufacturing.

Calling strings from other php class
I have test1.php{
$string1;
$string2;
....
... //10 strings in this class <

error with opendir
when i do this

if ($handle = opendir($dir)) {
while (false !== ($file = readdir($han

PHP Include not working
The website is http://www.grlistingservices.com

The code block is as follows:

<

Add_Months not Easy to Understand
Oracle is number 1, very fast and very easy. But....
OK, I think but have a problem, only 1 pro

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash