For the clueless retards among us that still don't know how to avoid XSS this is a tutorial on how to avoid it. please prepare for a long post because this is very hard to patchwhat u want to do is use a function that is hidden very deep in the php documentation and that is hard to find by using google called "htmlspecialchars()" now what you want to do is whenever u echo something u pass the data through that function first and then you have no xss.an example:"Wow i am doing scary stuff here

", ENT_QUOTES);?>"ENT_QUOTES is used to replace single quotes as well.now to make it easier for yourself turn it into a function""and now you have no more excuse for XSS vulns. and i know the example i made wasn't xss u can go f yourself.

You're trying way too hard for the programmer badge