Securing a user input - need some confirmation

Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

Your Answer:

Login to answer

Other forums

Not Loading Function Into Div
I'm not sure whether to put this under the php forum or ajax forum but because I tink it's more of a

How to implement HTTP connection timeout
Hi All,I would like to implement an HTTP connection timeout.

I am working on a application wh

Multi Dimensional Array Append
Hi Guys

I have a function that returns a multidimentional array eg

$result = functio

PHP and SMS
Hi all forum members. I am new here and am unsure what category shoild I post this in.
Moderator

how to remove in php string display
My code is

$message="We're looking at developing our website.";

$body= "

include problem
I have my root folder as:
Code: $root = $_SERVER["SITE_HTMLROOT"]; // the server root<

PHP, jAVASCRIPT setting input values, why isn't it working?
Hi:

I am calling this javascript:
<script language="javascript">

MVC - Code review
I'm in the process of trying to wrap my head around MVC, and as part of that, I'm attempting to impl

Function to extract email attachments using PHP IMAP
function extract_attachments($connection, $message_number) {

$attachments = array();

Display error above the login forum help!
Hi guys. just so you know im not asking for someone to do this for me I just need to be pointed in t