Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

At max how many columns is advisable to create in a table/view
Hi All,
I have two transaction table from which i want to create a simple view or material

Sum of Values in an Array
This is probably really simple... but it's been years since I've written anything, so bare with me!<

download directory onto C drive
I am attempting (if this is possible) to write a routine to automatically dump the contents of a dir

Pop-up Banner
Hello Friends,I need to use banner in our client site.Example: www.example.com if i enter this site

Character Sets/Collations Stuff
Can someone please give me a check list of things I must do to setup all the charset stuff for my ph

Need help with some php code :)
Hey! I'm quite new to this whole thing, so please don't fire me with shait on this one =D

I'm

does anyone know a php script to send mail using gmails/googles free smtp server
cause i heard u can do that but i dont know how

Table trouble
i have been reading the forum for a few weeks and decided to join. i like the format and the advice

How to show the difference between two data field in a database with php.
Hello php gurus,

how r u all... i'm not so well facing a typical problem please help me...<

very easy question about SQL info
Hello,
I think that I have a very easy question.
I know how to create a form using php SQL and

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash