Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Count Session and Trigger Events
I am New in PHP, seeking a method to count logged users by counting the sessions or any …, is

values in array being escaped
I would like to submit some values - back to the same form for checking before processing...

Header is not working in IE
Hi ! header function is not working in IE but it works in FF, Safari, Chrome. any help please. :

PHP Redirecting
Hello everyone. Is there a way to redirect people to pages within a statement in PHP? Since there is

php web service error
hey guys,
I'm working on a project requires the use of web services. I've been trying a few tutor

Trouble checking SESSION cookie
I am trying to use $_SESSION cookies to verify admin privileges .
I don't understand why this is

progress bar...need expert opinion of experienced webmaster
Hey guys, quick question:

I want to display a progress bar when I upload files, but I am not

Progress bar tracking file downloads
Hey guys, was wondering if there was a way to track how far a file has been downloaded. I know there

Images outside webroot
Im hopeing someone can help me with this because i cant figure it out.I have setup an ASP.NET websit

Displaying returned XML in another PHP page
I have an online payment form that will return XML given if a payment is successful or declines. I

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash