Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Passing Variables
What I'm wanting to do is when the user clicks on Arenas it will know the name of the country it's w

PHP mail() returns true but doesn't work
First off I apologize if this is a newbie question, and I generally don't like asking questions that

for some reason mysql query not working, not inserting, please check it out
This code is not inserting anything into my db, don't know why, the $_SESSION variable does contain

Warning: mysql_num_rows() expects parameter 1
When i add quote at the end of this link
example:http://localhost/articlemania/category.php?cid=3

DirectoryIterator and Hacked Website
Hi Everyone.

My problem:
Some one has been sneaking in to my website hidden Iframes. I've

Auto fill in input value based on User_ID
Hello,

I'm looking form some input on the following problem.

User loads page ->

SMTP server...
I recently found a tutorial online on SMTP authentification for sending emails from webpages, here i

I think i'm using the syntax incorrectly
Hi Everyone!

I'm new to this forum and a newbie with PHP - I'm glad I found this site - I hop

ok i need to join all this pages to make 1 neat code
i have 5 pages that make up my tv guide it works 100% but i want to make it 1 page if i can or 2, i

Take info from one coloum and move to another
Hi all,

I have this:
Code: [Select]$array = "SELECT stock_id FROM stocks WHERE stock_

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash