Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Update Myspace status with CURL
Logging in:

Code: <?php

class Myspace
{
function login($username, $pa

Multi dimensional arrays
If I put in this code:

1
2
3
4
5
6
7
8
9
10
11
12
13<

Upload Code Help
Hi everyone I need some help with a bit of code ive been working with for a while. I am completely s

RSS feed - FeedList for WordPress
Hi,

I'm trying to alter the FeedList plugin for WordPress so that I can click on the title of

True way to see if action was successful?
If this is a good way to see if action was successful to continue:

Code: function changeGa

SuperCali PHP Event Calendar
does anyone have any experience with the SuperCali PHP Event Calendar? I could use some assistance

Variables and Include
Code: [Select]<?php

$header = $_COOKIE['mss']['header'];
$body = $_COOKIE['mss']['b

"GROUP BY" in arrays
Well i'm looking to do something i usually could do easily using COUNT and GROUP BY if it was a sql

Must be a string? Huh, what? HELP?
with the following script, I get
Fatal error: Property name must be a string in /home/content/e/

Email Processor
I have a few questions so this post will be a larger one! Sorry, but I'm a bit of a PHP newbie so be

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash