Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', '', $term); // strip everything except letters, digits and whitespace

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out characters like ', ", <, >, / and =, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
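As an added example that is not part of the original post or the site's code, here is the character-whitelist filter from the question (with `\s` so whitespace survives) placed beside the output-encoding approach, which keeps the search term intact while still rendering it as inert text in the page; the function names and the sample search string are assumptions made for the illustration.

```php
<?php
// Added example, not the poster's code. Compares the whitelist-strip
// approach from the question with output encoding, which is the
// standard defence against XSS for text echoed back into an HTML page.

// The poster's approach (with the intended \s): destructive filtering.
// It removes markup characters, but it also removes legitimate ones.
function strip_to_alnum(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// Output encoding: keep the user's text unchanged, but neutralise it for
// the HTML body and double-quoted attribute contexts. ENT_QUOTES also
// escapes single quotes, which matters if the value is ever placed inside
// a single-quoted attribute; ENT_SUBSTITUTE avoids returning an empty
// string on invalid UTF-8 input.
function html_escape(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Echo the term back into the form and the results heading, the two
// places a search page typically reflects user input.
function render_search_box(string $term): string
{
    $safe = html_escape($term);
    return '<input type="text" name="q" value="' . $safe . '">' . "\n"
         . '<p>Results for: ' . $safe . '</p>';
}

// Constructed input: a plausible search that happens to contain quotes
// and tags, e.g. a user pasting a fragment from a product page.
$term = "O'Reilly <b>books</b> \"2nd\" ed.";

// The stripped version loses the apostrophe and the quotes along with the
// tags, so a search for O'Reilly no longer matches the catalogue entry.
echo "Stripped: " . strip_to_alnum($term) . "\n";

// The encoded version preserves every character; the browser displays the
// tags as literal text instead of interpreting them.
echo "Encoded:\n" . render_search_box($term) . "\n";

// Neither function protects the database query that uses $term. Pass it
// to the query as a bound parameter (PDO::prepare with bindValue)
// regardless of which display-side treatment is used.
```

The whitelist filter is still a reasonable extra control for a search field if the site never needs punctuation in queries, but the encoding step is the one that actually stops reflected markup from running, and it has to happen at every place the term is written into the page.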
