Securing a user input - need some confirmation

Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

Your Answer:

Login to answer

Other forums

Variable passed to each() is not an array or object
Hi,

This is a email a friend type of form, and it isn't working anymore.

<?

Multidimensional array problems in $_POST
I'm having trouble with a three-dimensional $_POST array. It starts as a two-dimensional array on th

What's wrong with my code
sobbing for many days, still don't know why please Help. Why my page isn't posted correctly. In a

Problem with PHP/mySQL login code
Hello,

There is an error in my login script and I can't figure out what it is...
I believe

ASP.NET Validation Event Cycle
Hi,
I have asp button as follow:

Career Change into SAP
Hai
I am sajesh ,did my diploma in Mechatronics i have a 4 years of experience in

Turning Data into URLs?
This may seem very basic to you, but I'm having a hard time figuring out how to do this since I don'

PHP error (line 38) my website
Hello everyone, I'm new on this
and I got a web site thats got a error not showing the photos on<

MySQL noob question
hi guys

I have a simple mysql table set up, along the lines of

Col 1 - Col 2 - Date_l

SAP Logon Failed
I tried to login to SAP through MMC.

When i click start and give password.

it