Securing a user input - need some confirmation

Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

Your Answer:

Login to answer

Other forums

Multiple Options for a Single Page
For this example I want to use the Handlers option which is under Fed Admin and all the related codi

Problem with a select distinct
I have a problema with a select distinct, I have the next sql:

select distinct a,b,c,d fr

Trigger tag in aspx is not coming
hi all ,iam new to ajax, iam using file upload inside the update pannel but right now i want to use

php forms and database navigatio
Hello,
I'm new to php and i'd like to post the following.
I have written code to get records f

Got A Free Server :(
So I was given a free server

http://shopping.yahoo.com/p:Compaq%20ProLiant%201500%20Server:1

Spliting paragraph into sentences and attach in
Here is what I am trying to do

example: Para1[123.456.789!] 3 sentences
Para2

Developing Ajax-enabled ASP.Net applications for the iPhone
I would like to develop Ajax web applications using Visual Studio that are optimized for the iPhone.

Save username into DB
OkaY so I got my blog to actually save the posts and whatever, all I need now is for it to keep the

big pagination problem in php
<?php

$connect = mysql_connect("localhost", "root", "")

Help with some dates
I have a list of dates in an array:

$mondays = array(
strtotime("October 12, 2009