Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Reading Most Recent CSV File in Directory
I thought I had wrapped this project up, but found out that the program I use to FTP a csv file to m

onclick problem
I have <input type="text" name="message">
<a href=page2.

Checking if variable is 0 as opposed to NULL/Empty...
I'm trying to write some code that will retrieve a user's access level from my database and if it do

I am stumped
OK. Here is what I am trying to do. I have the conditions set, and if the conditions are met, I want

Extra fields in main body and php required.
I'm new to PHP so please be gentle. I have a little php script below that works well.
The &quo

foreach loop, assistance request
I would like some guidance on the usage of foreach as I try to parse through a large database and wh

Parse XML
Good day,

I use oempro software and try to parse XMLReturn but it's not working for me, simpl

Why is my row count 0?
Here's the MySQL query i'm running. It basically pulls data from 2 tables based on some data passed.

help with calculations on a flat text file
hello,
I have this code below that is attached to a flat file like this:
Email:LastName:FirstN

form help
this doesn't work. i want the form action to go the location.href of the submit button chosen.. how

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash