Hello world in PHP
The way you shouldn't do it !

Hello !

  • Enter your name in the field below and this page will say hello to you.
  • Now, copy paste alert('You are a fu..... m..... f..... !!')") ?> in the field and enjoy what happens ...
  • Even worse, copy paste ") ?>
  • A last example, window.location='http://www.badlocation.com/'") ?>

What if the injected value does not come from you but from a not trustworthy user? Congratulations, your PHP programs allows cross-side scripting attacks (XSS) ! Don't know what it means ? Use the form !

window.open('http://www.google.com/search?q=XSS+attack','','')") ?>