Securing a user input - need some confirmation

Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

Your Answer:

Login to answer

Other forums

What are the two different files you download to update kernel?
What are the two different files you download to update kernel?

Creating XML with php
I need to creat an XML with php and have successfully produced a valid output.
The problem I hav

extract content from a website
i have written a code that will grab the content from the index page..
i would like to know how c

New to Arrays
Hi I am new to PHP (a week and a half now) and I am just beginning to read about arrays. I understan

Pagination
Okay here is the page in question: http://blenderteachings.000a.biz/tutorials.hamishhill.php

Help With Showing Users On the Index Page
Ive got this code which works just how i want it to.

Code: <?
$timenow=time();

query help
Hi experts.

i have a table rep2 like this
PROD_COD ACCT_NO DUE_DAYS BALANCE

Why doesn't this work? (SSH2)
This is my script:

Code: <?php
$connection = ssh2_connect('213.251.167.109', 22);

Advice on how to delete a mysql row using my form
Hi,

I am very new to php and am struggling to work out how to delete a portfolio item (a row

help with insert
Hi there,

I am trying to insert some data into a database, but for some reason, it is not ins