Securing a user input - need some confirmation

Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

Your Answer:

Login to answer

Other forums

Question handling xml data
Hello,

I have sucessfull followed this tutorial
http://www.phpfreaks.com/tutorial/handlin

Mysterious Timeouts
I've deployed a few simple AJAX-enabled web page to a local server that is accessed through the Inte

Working with Dates, help.
Sooo to make a long story short, here's what im trying to accomplish.

I need to create a drop

Printing a webpage
I use this to print the webpage: o

GMail like Chat in ASP.NET
Hi,Can anyone suggest me, how to incorporate GMail like chat in my existing ASP.Net application.I wa

Need some ideas as to how to go about sorting this array...
Here's how the array's are created..

Code: <?php
while ($x = readdir($dp)) {

Simple Variable Question
Hi everyone.... again,

I am really getting into php still. Learning more every day. I love it

I got my hosting suspended XD
So I saw this challenge a day or so ago

http://www.programming-challenges.com/pg.php?page=dow

radio button reamains checked
Hello i'm trying to keep the state off my radio buttons so it shows which ones where clicked after t

What exactly is net neatrality?
What exactly is it? I think it's anti-censorship and... stuff... but I don't really understand it