Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

// keep only ASCII letters, digits and whitespace (\s, not a bare s)
$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, = etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
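As an added example (not code from the original post), here is the whitelist filter from the question written with `\s` so spaces survive, paired with context-correct output escaping, which is the control that actually prevents the echoed HTML from executing; the filter on its own also discards legitimate input such as accented letters and hyphens. The sample search string and the function names are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Whitelist filter: keep only ASCII letters, digits and whitespace.
// Note '\s', not 's': with a bare 's' the class would strip spaces and
// redundantly keep the letter s.
function filterSearchTerm(string $term): string
{
    $term = preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
    // Collapse runs of whitespace and cap the length so the term cannot be
    // used to pad the page or inflate a LIKE query.
    $term = preg_replace('/\s+/', ' ', trim($term));
    return substr($term, 0, 100);
}

// Output encoding: every value echoed into HTML goes through this, no matter
// how it was filtered on the way in. ENT_QUOTES also encodes single quotes,
// so the value is safe inside single- or double-quoted attributes.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the search box and the results heading with the term echoed back.
function renderSearch(string $term): string
{
    return '<input type="text" name="q" value="' . h($term) . '">' . "\n"
         . '<p>Results for: ' . h($term) . '</p>' . "\n";
}

// Constructed sample input: a script tag plus an ordinary search phrase.
$raw = '<script>alert(1)</script> blue shirt';

// Filtered: "scriptalert1script blue shirt"
$term = filterSearchTerm($raw);
echo renderSearch($term);

// Even if the filter were bypassed or removed, h() still neutralises the
// markup: the raw string renders as visible text, not as a script element.
echo renderSearch($raw);
```

For the database side of the search, pass `$term` as a bound parameter of a prepared statement rather than relying on the same character filter to keep the SQL safe.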