Hello I'm a newbie in script writing and my site was hacked recently. I perfomed a website audit and the result was that I had a vulnerability. They said I should filter metacharacters from user input but honestly I don't know how to do that.

They also mentioned that the problem was with the POST variable redirect.

Can someone please help me? This is part of the php script:

$template = new Template("templates/subscription_done");
$template->set_file("tpl_subscription_done", "subscription_done.tpl");
if (isset($redirect) && trim($redirect) <> "") {
$redirect = trim($redirect);
if (!eregi("^https?://", $redirect)) $redirect = "http://$redirect";
$template->set_var("REDIRECT","<meta HTTP-EQUIV=\"REFRESH\" CONTENT=\"60; URL=$redirect\">");
$template->set_var("CONTINUE","<a href=\"$redirect\">Click here to continue</a>");
}