Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS: I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', '', $term); // keep only letters, digits and whitespace

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, = etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
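The following is an added example, not the poster's code. It puts the post's character-stripping filter beside context-aware output encoding, which is the standard defence when a search term is echoed back into HTML. The function names, the results-page fragment and the sample terms are constructed for illustration.

```php
<?php
// Added example, not the original poster's code. It places the post's
// character-stripping filter beside context-aware output encoding, the
// standard defence when a search term is echoed back into HTML.
declare(strict_types=1);

// The filter from the post, with the whitespace class written as \s.
// (Written as a bare "s" it would keep the letter s and delete spaces.)
function stripToAlnum(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// Output encoding for the HTML text and double-quoted attribute contexts:
// the term is kept intact and the HTML metacharacters become entities.
function encodeForHtml(string $term): string
{
    return htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical results-page fragment. The raw term is kept as typed;
// encoding happens only at the point where it enters HTML.
function renderSearchHeader(string $term): string
{
    $safe = encodeForHtml($term);
    return '<h2>Results for "' . $safe . '"</h2>' . "\n"
         . '<input type="search" name="q" value="' . $safe . '">';
}

// Constructed sample terms: ordinary text, legitimate punctuation and
// non-ASCII letters the filter would silently destroy, and raw markup.
$samples = [
    'blue widget',
    "O'Brien & Sons",
    'café au lait',
    '<b>bold</b> "quoted" term',
];

foreach ($samples as $term) {
    printf("input:    %s\n", $term);
    printf("stripped: %s\n", stripToAlnum($term));
    printf("encoded:  %s\n\n", encodeForHtml($term));
}

echo renderSearchHeader('<b>bold</b> "quoted" term'), "\n";
```

Run with `php example.php`. The stripped column shows the cost of the filter approach: apostrophes, ampersands and accented letters disappear from real search terms, and the filter only protects the one input it is applied to. The encoded column shows `<`, `>`, `&`, `"` and `'` turned into entities while the term itself survives; htmlspecialchars() covers the HTML body and quoted-attribute contexts only, so a term placed inside a JavaScript string or a URL needs that context's own encoder, and the query sent to the database is a separate control (a parameterised query) that neither approach above replaces.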
