Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', '', $term); // drop everything except letters, digits and whitespace

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out any characters like ', ", <, >, /, = etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

No comments posted yet
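An added example, not part of the original post or the poster's site, showing the two defences side by side: the character whitelist from the question (with the `\s` the post describes, so whitespace survives) and output encoding with htmlspecialchars, which is the defence that actually addresses the problem of a search term being echoed back into HTML. The function names, the constructed sample inputs and the markup around the term are assumptions made for the demonstration.

```php
<?php
// Added example (not code from the original post). Compares a character
// whitelist with output encoding for a search term echoed back into a page.

// Whitelist filter as in the post, keeping letters, digits and whitespace.
// Caveat: it also removes legitimate characters such as apostrophes, hyphens
// and any non-ASCII letter, so the user no longer searches for what they typed.
function whitelist_term(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// Output encoding: the term may contain anything, but it is rendered as text,
// never as markup. ENT_QUOTES escapes both quote styles, so the same value is
// also safe inside a quoted attribute such as value="...". ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of returning an empty string.
function render_search_heading(string $term): string
{
    $safe = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<h2>Results for: {$safe}</h2>\n"
         . "<input type=\"text\" name=\"q\" value=\"{$safe}\">\n";
}

// Constructed sample inputs: an ordinary search, one with legitimate
// punctuation, and one containing a quote and markup of the kind the poster
// saw being echoed back unescaped.
$inputs = [
    'red shoes',
    "O'Neil 7-inch",
    '"><b>sale</b>',
];

foreach ($inputs as $term) {
    echo "input:     ", var_export($term, true), "\n";
    echo "whitelist: ", var_export(whitelist_term($term), true), "\n";
    echo "encoded:\n", render_search_heading($term), "\n";
}
```

Run it with `php example.php`. The whitelist turns `O'Neil 7-inch` into `ONeil 7inch`, so a real search changes meaning, while the encoded version keeps every character and still renders `"><b>sale</b>` as literal text in both the heading and the attribute. The practical rule is to encode at the point of output for the context the value lands in (HTML body, attribute, JavaScript, URL) and treat the whitelist as an optional extra for the search term itself; it does nothing for other sinks such as a database query, where a prepared statement is the right control.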
