Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Using real time in php
I'm very average at PHP and im looking to introduce time to something on my site.
Its a sports si

question about stripslashes and real_escape_string
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I hav

Embed Video Problem
Hey, thanks for looking!

File to be embedded:

Code: <playlist version="1&q

SAP Management Console is blank
Dear All ,

I am facing problem in my des sever suddely in SAP Management Console is blank and

Problem with an browser game.
Hello,i just joined that great forum and i got php prob,its kinda freaky...anyway i got browser game

ImageCreate()
When I create an image and add text to it I want my text to be replaced with a PNG image, because th

How to show the difference between two data field in a database with php.
Hello php gurus,

how r u all... i'm not so well facing a typical problem please help me...<

insert/update functions for mysql, what do you think?
I am working on two really simple functions that automatically generate (and execute) insert and upd

Optimize Code
Just started getting into the use of cookies. The following code will redirect users to a set URL s

Adding delete feature to my forum
Hello I am currently trying to add a delete feature to my forum. I believe I have everything built r

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash