Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS; I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term);

...to remove any non-alphanumeric characters (excluding whitespace). I am thinking that because this will strip out characters like ', ", <, >, /, = etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
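Editor's note, as an added example that is not part of the original post: the script below puts the poster's whitelist filter (with the `\s` class written out, since a bare `s` inside the brackets is already covered by `a-z` and would also delete spaces) next to the approach a reviewer would normally recommend for this bug, which is to leave the search term alone and encode it with htmlspecialchars() at the point where it is written into HTML. The function names and the sample inputs are constructed for the example.

```php
<?php
// Added example (not from the original post): the posted whitelist filter
// beside context-aware output encoding. All inputs below are constructed.

/**
 * The approach from the post: strip everything except ASCII letters, digits
 * and whitespace. Whatever survives cannot contain <, >, quotes, / or =, so
 * this field can no longer break out of its HTML context. The cost is that
 * legitimate queries are mangled, and the protection applies only to $term
 * at the moment of filtering, not to any other value echoed on the page.
 */
function filterTerm(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

/**
 * Output encoding for an HTML text node or a quoted attribute value.
 * ENT_QUOTES encodes both ' and ", so the result is safe inside single- or
 * double-quoted attributes as well as element content. ENT_SUBSTITUTE keeps
 * invalid UTF-8 from making the function return an empty string.
 */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: two classic XSS probes and two legitimate
// searches that the whitelist filter would mangle.
$samples = [
    '<script>alert(1)</script>',
    '" onmouseover="alert(1)',
    "O'Reilly",
    'Café "Noir" 50% off',
];

foreach ($samples as $raw) {
    echo "raw      : $raw\n";
    // Whitelist filtering: "<script>alert(1)</script>" becomes
    // "scriptalert1script", but "O'Reilly" becomes "OReilly" and the
    // accented "é" is dropped byte by byte because the pattern has no /u flag.
    echo "filtered : " . filterTerm($raw) . "\n";
    // Output encoding: the term is stored and searched unchanged, and only
    // the copy that lands in HTML is encoded. "<" becomes "&lt;", '"' becomes
    // "&quot;", "'" becomes "&#039;", so no payload can close the attribute.
    echo "encoded  : " . escapeHtml($raw) . "\n";
    // How the search page would render the term back into the form field.
    echo 'html     : <input type="text" name="q" value="' . escapeHtml($raw) . "\">\n\n";
}
```

The filter does answer the question asked: with only `[a-zA-Z0-9\s]` left, nothing that reaches the page through `$term` can start a tag or close an attribute. The caveats a reviewer would add are that the regex must say `\s`, not `s`, to keep the spaces; that every other variable echoed into HTML (the result count, product names, the original query shown in "no results for ...") needs the same treatment or the XSS simply moves; and that encoding at output lets the site search for `O'Reilly` or `50%` while still rendering them safely, which is why output encoding rather than input stripping is the usual recommendation for this class of bug.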