Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

mysql select query problem
how can i select multiple fields from multiple table in one query like

i have table name t1 a

PHP error (line 38) my website
Hello everyone, I'm new on this
and I got a web site thats got a error not showing the photos on<

Array becomes unset by itself?
Hi,

I have a bit of experience with PHP but not extensive. It seems I cannot store any items

Procedural to OOP
John Kleijn said that to avoid writing "crappy code", we should learn OOP and common OO pr

read integers that returns a negative or prints the average
Im trying to finish this homework assignment by tommarow afternoon and I keep getting stuck.
Wr

PHP page loading in Firefox but not in IE
hello,

i am currently doing a project in PHP and i have a problem. If I view the project in M

Help with some dates
I have a list of dates in an array:

$mondays = array(
strtotime("October 12, 2009

Weekly Calendar
Hi, I am looking at creating a weekly calendar. The calendar will read from Monday - Sunday. Does an

Last Weeks sDate and eDate.
sDate - Start Date
eDate - End Date

I need to pull two dates for "Last Week" whi

Customizing message/behavior
Hi,I'm using the ASP.NET membership/authorization controls in my application. Some parts of my appli

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash