Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS: I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', '', $term); // keep letters, digits and whitespace (\s) only, drop everything else

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, = etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
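The following is an added example, not code from the original post. It shows the poster's whitelist regex used as an input normalisation step, and then the step that actually neutralises HTML injection: encoding the term with htmlspecialchars() at the point where it is echoed back into the page. The function names normalise_term, html_encode and render_search_header, and the sample search terms, are assumptions made for this illustration.

```php
<?php
// Added example (not code from the original post).
// Layer 1: input normalisation with a whitelist regex, as the poster does.
// Layer 2: output encoding where the term is written into HTML.
// Layer 2 is what prevents XSS in an HTML context; layer 1 only narrows the input.

function normalise_term(string $term): string {
    // Whitelist: keep letters, digits and whitespace, drop everything else.
    // Caveat: this also drops legitimate characters (hyphens, apostrophes,
    // accented letters such as the é in "café", which loses both UTF-8 bytes).
    $term = preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
    // Collapse runs of whitespace so the search term is tidy.
    return trim(preg_replace('/\s+/', ' ', $term));
}

function html_encode(string $value): string {
    // ENT_QUOTES encodes both ' and ", so the result is safe inside a quoted
    // attribute value as well as in element text. Always state the charset.
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_search_header(string $rawTerm): string {
    $clean = normalise_term($rawTerm);
    // Encode at output time regardless of what normalisation did earlier,
    // so the page stays safe even if the filter is relaxed or bypassed later.
    return '<h1>Results for "' . html_encode($clean) . '"</h1>' . PHP_EOL
         . '<input type="text" name="q" value="' . html_encode($clean) . '">';
}

// Constructed sample inputs for demonstration.
$samples = [
    'red shoes',
    'red   shoes  <b>sale</b>',
    "o'neill \"jacket\" size=10",
    'café',
];

foreach ($samples as $raw) {
    printf("raw:        %s\nnormalised: %s\nencoded:    %s\n\n",
        $raw, normalise_term($raw), html_encode($raw));
}

echo render_search_header('<b>shoes</b> "sale"'), PHP_EOL;
```

Running this shows the trade-off: the whitelist removes the markup characters, but it also turns "o'neill" into "oneill" and "café" into "caf", so a search feature that must accept such terms cannot rely on stripping alone. The encoded output, by contrast, preserves every character and renders markup as literal text. Encoding is context-specific: htmlspecialchars() covers HTML element text and quoted attributes, while a term placed inside a JavaScript block or a URL needs the encoding appropriate to that context, and a term used in a database query should go through a prepared statement rather than this filter.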

No comments posted yet
