Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS; I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

// keep only ASCII letters, digits and whitespace; everything else is dropped
$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces); I am thinking that because this will strip out any characters like ', ", <, >, /, = etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks

No comments posted yet
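Added here as an illustration, not code from the original post: the poster's whitelist filter (with the `\s` escape restored) next to output encoding with htmlspecialchars(), which is the defence that makes an echoed search term inert in HTML whatever characters it contains. The three sample terms and the helper names are constructed for the example.

```php
<?php
// Added example: whitelist filtering versus output encoding for a
// search term that is reflected back into an HTML page.
declare(strict_types=1);

/** The poster's approach: keep only ASCII letters, digits and whitespace.
 *  Accented letters, hyphens and apostrophes in real search terms are
 *  silently lost, so results may no longer match what the customer typed. */
function whitelist_filter(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

/** Output encoding: the term is left intact and encoded at the point it is
 *  written into HTML text or a quoted attribute value. ENT_QUOTES covers
 *  both " and ', ENT_SUBSTITUTE avoids returning '' on invalid UTF-8. */
function html_escape(string $term): string
{
    return htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Sanity check before echoing: no HTML-significant character survives. */
function is_inert_for_html(string $rendered): bool
{
    return preg_match('/[<>"\']/', $rendered) !== 1;
}

// Constructed sample inputs.
$inputs = [
    'red shoes',                // ordinary term
    '<b>red</b> "shoes"',       // markup and quotes, as in the original report
    "Café Müller's size-42",    // legitimate term with non-ASCII and punctuation
];

foreach ($inputs as $term) {
    $filtered = whitelist_filter($term);
    $escaped  = html_escape($term);

    printf("input:    %s\n", $term);
    printf("filtered: %s  (inert: %s)\n", $filtered, is_inert_for_html($filtered) ? 'yes' : 'no');
    printf("escaped:  %s  (inert: %s)\n", $escaped, is_inert_for_html($escaped) ? 'yes' : 'no');
    // Both the page text and a quoted attribute receive the encoded value.
    printf("html:     <p>Results for \"%s\"</p> <input value=\"%s\">\n\n", $escaped, $escaped);
}
```

The encoding shown is specific to HTML text and quoted attribute values; a term placed inside a script block or a URL needs the encoding for that context instead.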
