Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

PHP Error
On my .php page I have a drop down box that has several names in it. When a user clicks the name &am

Trying to add functions to table
I have this list of characters and I'm trying to figure out what I have to do to put the results of

foreach result into a single variable
Hi,

I have this code...

Code: [Select]foreach ($_POST['Interests'] as $interest =&

PHP If Else statement for breadcrumb
Hi

I am trying to use a PHP if else statement to display a breadcrumb link on wordpress

How do I use ValidatorCallout extender in Login control?
Hi,I'd like to customize the look and feel of the login control a little bit. One thing I'd love to

strtotime issue
Hey all,

I'm playing around with some code, and basically the idea is:

Person changes

Show message after entering data
Hello Colleagues

I would like to display messages after entering the data example: "
dat

Creating web pages by php
Hello again,
I was just wondering us there a way to use a php script to create a new web page. I

Coding question?
Hey guys, I have a quick question. If I want to make a way for people to pay for health in my game,

Best way to check for end of a record and send it back to the first record
I'm hoping someone can help me out and explain the best way to accomplish this.

What I'm doin

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash