Securing a user input - need some confirmation


Posted on 16th Feb 2014 07:03 pm by admin

Hello All,

I am in the process of recoding a large proportion of an e-commerce site; one of the problems is that there are a few security issues floating around.

I have a search box which was originally unprotected against XSS, I was easily able to execute JavaScript and force the system to echo out HTML *holds head in hands*.

I am using this code:

$term = preg_replace('/[^a-zA-Z0-9\s]/', "", $term);

...to remove any non-alphanumeric characters (excluding spaces). I am thinking that because this will strip out characters like ', ", <, >, /, =, etc., it should make my script safe again.

Can you confirm this, or is there something that I am missing?


Many thanks
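The allowlist filter from the post, run next to the control that actually prevents reflected XSS, context-aware output encoding, as an added PHP example that is not part of the original post. The function names, the rendered markup and the sample inputs are my own constructions; the regex is the one from the post, with the backslash in `\s` so that whitespace survives.

```php
<?php
// Added example, not code from the original post. It runs the allowlist filter
// from the post (with \s, so whitespace survives) next to htmlspecialchars()
// output encoding, over constructed sample inputs.
declare(strict_types=1);

// The post's allowlist: keep ASCII letters, digits and whitespace, drop the
// rest. The backslash matters: '[^a-zA-Z0-9s]' would treat s as a literal
// letter and strip spaces too.
function filterAllowlist(string $term): string
{
    return preg_replace('/[^a-zA-Z0-9\s]/', '', $term);
}

// Output encoding for an HTML text node or a quoted attribute value. This is
// the control that stops a reflected term from being parsed as markup, and it
// works on the raw term without throwing away characters the user typed.
function encodeForHtml(string $term): string
{
    return htmlspecialchars($term, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// The "you searched for ..." fragment the search page echoes back, encoded on
// output. The form's input is refilled from the same value, so both contexts
// (text node and quoted attribute) are covered by the same encoder.
function renderSearchEcho(string $term): string
{
    $safe = encodeForHtml($term);
    return '<p>Results for "' . $safe . '"</p>'
         . '<input type="text" name="term" value="' . $safe . '">';
}

// Constructed sample inputs: a reflected-XSS probe, an attribute break-out
// attempt, and a legitimate search term that the allowlist would mangle.
$samples = [
    '<script>alert(1)</script>',
    '" onmouseover="alert(1)',
    "O'Neil's \"Deluxe\" kettle (2-pack)",
];

foreach ($samples as $s) {
    printf("input     : %s\n", $s);
    printf("allowlist : %s\n", filterAllowlist($s));
    printf("encoded   : %s\n\n", renderSearchEcho($s));
}
```

Run it with `php` on the command line and compare the three lines per sample: the allowlist does neutralise the probes, but only by turning "O'Neil's" into "ONeils" and dropping the hyphenated pack size, whereas the encoded line keeps every character and still cannot be parsed as markup. The encoder has to match the context the term lands in; `htmlspecialchars` covers HTML text and quoted attributes, not a JavaScript string or a URL parameter, and neither the filter nor the encoder says anything about how the term is used in the database query behind the search.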