Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term); // \s keeps whitespace

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out characters like ', ", <, >, /, =, etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

No comments posted yet
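An editor's worked example, not code from the original post or from the site being recoded, that puts the poster's whitelist filter next to the usual alternative (output encoding with htmlspecialchars) and renders constructed inputs the way a search page might echo them. The pattern is taken as `[^a-zA-Z0-9\s]` (whitespace kept, as the post describes). All function names, the two rendering sinks and the sample inputs are assumptions made for the demo.

```php
<?php
// Added example, not code from the original post. It compares the
// poster's whitelist filter with output encoding and renders constructed
// inputs the way a search page might echo them. Function names, sinks
// and sample inputs are the editor's own assumptions.

// The poster's approach, with \s for whitespace as the post describes:
// keep ASCII letters, digits and whitespace, drop everything else.
function strip_to_alnum(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// The standard fix: keep the term as typed and encode it where it is
// echoed. ENT_QUOTES also encodes single quotes, so the result is safe
// in HTML text and inside single- or double-quoted attributes.
function encode_for_html(string $term): string
{
    return htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Two sinks a search page typically has (assumed here): the results
// heading (HTML text context) and the search box refilled with the
// term (double-quoted attribute context).
function render_heading(string $term, callable $sanitize): string
{
    return '<h2>Results for: ' . $sanitize($term) . '</h2>';
}

function render_search_box(string $term, callable $sanitize): string
{
    return '<input type="text" name="q" value="' . $sanitize($term) . '">';
}

// Crude breakout checks for the demo only: a literal '<' can open a tag
// in text context; a literal '"' can close the value="..." attribute.
function text_context_breakout(string $term, callable $sanitize): bool
{
    return strpos($sanitize($term), '<') !== false;
}

function attr_context_breakout(string $term, callable $sanitize): bool
{
    return strpos($sanitize($term), '"') !== false;
}

// Constructed inputs: two attack strings and three legitimate searches.
$samples = [
    '<script>alert(1)</script>',
    '" onmouseover="alert(1)',
    "O'Neil",
    'C++ book',
    'café',
];

$filters = [
    'raw'      => 'strval',           // what the site did before: no filtering
    'stripped' => 'strip_to_alnum',   // the poster's regex
    'encoded'  => 'encode_for_html',  // output encoding at the sink
];

foreach ($samples as $s) {
    echo "input: $s\n";
    foreach ($filters as $label => $fn) {
        printf("  %-8s text:%-4s attr:%-4s value:%s\n",
            $label,
            text_context_breakout($s, $fn) ? 'XSS' : 'ok',
            attr_context_breakout($s, $fn) ? 'XSS' : 'ok',
            $fn($s));
    }
    echo '  heading => ' . render_heading($s, 'encode_for_html') . "\n";
    echo '  box     => ' . render_search_box($s, 'encode_for_html') . "\n";
}
```

Running it (for example `php xss_filter_demo.php`, filename assumed) shows three things the post alone does not. The raw column breaks out in text context for the script tag and in attribute context for the quote-and-handler string, which is the bug the poster found. The stripped column shows no breakout in either context, because `<`, `>`, `"`, `'`, `=` and `/` are all removed, so the whitelist does close this particular hole; but the value column shows the cost: "O'Neil" becomes "ONeil", "C++ book" becomes "C book", and "café" becomes "caf" (the pattern is byte-based and ASCII-only). The encoded column is also clean in both contexts and keeps the term intact, which is why encoding at the point of output is the usual recommendation; the filter only protects the places where it happens to be applied, and a term echoed into a JavaScript block or a URL would need encoding appropriate to that context instead.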
