Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Serial number of exernal hard disk/Thumbdrive
Hi guys, I am new tio java networking concepts.Please tel me how to get Serial number of exernal

Gerenate tabel in Php
I whant to generate a tabel takeing data from database like this one so the results to be display on

Using two $_POST Function / Switch () statements, second does not work.
Hi all. I’m new to php and am having a problem getting $_POST Function / switch () to work. I

Socket problem
Hello,

Earlier I posted about my problem with my socket script. It took up to 100% CPU usage.

Uploading/Downloading files stored in MySQL database
Hey all,

This problem just came up in my website and I'm having a hard time figuring out what

Querying info from one table based on info in another
Hi, I am currently trying to make a part for my user driven website where one user can subscribe to

str_replace help
Hey there,

I'm a PHP newb, I'm having troubles with the str_replace function. I want to clean

Save data in input fields when they press "BACK BUTTON"
Hi, this is html form: And let's say they get a error "Please enter ur title must be more then

"From field" in PHP email form
I used a wizard to create a PHP email form. I was able to customize it with the exception of the Fr

Working with Global Variables
hi, I'm not really sure why the following code is returning a "Call to a member function getBan

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash