Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site, one of the problems is that there are a few security issues floating around.

Did you know?Explore Trending and Topic pages for more stories like this.
I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term=preg_replace('/[^a-zA-Z0-9s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces), I am thinking because this will strip out any characters like ', ", <, >, /, = etc, it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
No comments posted yet

Your Answer:

Login to answer
217 Like 28 Dislike
Previous forums Next forums
Other forums

Open browser page depending on XML results
Hello,

I have some PHP code that sends webbased from data to an external url ( in the form of

Problem writing URL into database
How would I write this into the database?

<?php echo "http://".$_SERVER['SER

.htpasswd Registration Form
Hi,
I wanted to make an htpasswd registration form.
I found this code on the internet but have

Where do I put CRON code
So I've figured out alot about how to automatically run a php function. I can't figure out where to

getting weird error..
okay, I'm getting an error on this particular function, something about the syntax in the mysql LIMI

Php navigation
I have four buttons on a php page.
If i click a button it will redirect to different php pages.

Reduce redundancies in switch functions?
Hello all! I somewhat new to PHP, and was wondering if anyone could give some suggestions on a swit

SQL Query/echo not working
Hey all,

I'm trying to run (what I thought) was a simple operation and it isn't working. I h

System copy error in RUN ABAP REPORT PHASE
Hi,
I am performing system copy on my test server. I have previously taken export of JAVA + A

Error in query: Resource id #4??
hey guys, having a minor (i think) problem here that i havent been able to figure out. long story sh

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash