Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out characters like ', ", <, >, /, =, etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
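The following is an added example, not code from the original post or its site; it assumes the search term arrives in $_GET['term'] and is echoed back into an HTML page, which is the situation the post describes. It puts the poster's allow-list filter (with \s restored so spaces survive) next to the alternative a practitioner would normally reach for: leave the stored input alone and encode with htmlspecialchars at the point where the value meets HTML. The sample inputs are constructed to show both the XSS payloads the filter is meant to block and the legitimate search terms it damages.

```php
<?php
// Added example; not from the original post. Assumes the search term
// arrives in $_GET['term'] and is reflected into an HTML page.

// 1. The poster's allow-list filter, with \s so spaces (and tabs) survive.
//    Everything outside a-z, A-Z, 0-9 and whitespace is deleted.
function strip_to_alnum(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// 2. Output encoding: the input is kept intact and every character that
//    has meaning to the HTML parser is turned into an entity when echoed.
//    ENT_QUOTES covers both ' and ", which matters inside attributes.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs: three attack strings, two ordinary search terms.
$samples = [
    '<script>alert(1)</script>',   // classic reflected payload
    '" onmouseover="alert(1)',     // breaks out of a double-quoted attribute
    "' autofocus onfocus='alert(1)", // same trick against single quotes
    "O'Neil",                      // legitimate apostrophe in a name
    'Müller',                      // legitimate non-ASCII letter
];

foreach ($samples as $s) {
    printf("input:  %s\nstrip:  %s\nescape: %s\n\n",
        $s, strip_to_alnum($s), html_escape($s));
}

// 3. Using it in the page: the encoding happens where the value is
//    written into HTML, so it protects the output whatever the filter
//    did (or did not do) earlier in the request.
$term     = $_GET['term'] ?? '';
$safeTerm = html_escape($term);
echo '<input type="text" name="term" value="' . $safeTerm . '">' . "\n";
echo '<p>Results for ' . $safeTerm . '</p>' . "\n";
```

Two things the output makes visible. The filter does stop all three payloads, because none of them can be expressed without <, >, ", ', or =; in that sense the poster's reasoning holds for a value reflected into HTML. But it is lossy: "O'Neil" becomes "ONeil", and because the pattern has no /u modifier it works on bytes, so "Müller" becomes "Mller" and the search silently returns the wrong results. htmlspecialchars leaves the search term intact for the database query and the results page while still neutralising the markup, and it is the defence that still applies if the same value is later echoed from some other code path the filter never ran on. The filter is not a substitute for parameterised queries on the database side either; that is a separate problem from XSS.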
