PHP is an open-source server-side scripting language used for the creation of dynamic web pages for e-commerce and other web based applications.
It is also one of the most popular server-side languages commercially used today.
With consistent fast performance, high reliability and ease of use, MySQL has become the open-source database of choice for many organisations.
Together, these two technologies provide you with a simple, free and powerful platform for building dynamic, database-driven web applications.
Cross-Site Scripting (XSS)
Cross-site scripting (XSS) is a security exploit which targets Web sites that accept user input but don’t filter that input for common characters or strings used in scripts.
A vulnerable web page, which may be referred to as an XSS hole, allows the attacker to insert malicious code into a user input field. If a visiting client’s browser is not up-to-date with the latest XSS filters, the malicious code will be delivered unfiltered and the browser will execute the malicious script when it loads the page. Typical XSS exploits allow the attacker to hijack the user’s session, redirect the user to a malicious website, manipulate what is displayed in the victim’s browser or steal data and credentials.
Web server applications for large sites that aggregate code and generate Web pages dynamically are most vulnerable to cross-site scripting exploits because it can be difficult to validate code from multiple sources in a timely manner. To protect against cross-site scripting exploits, experts recommend that enterprises and individuals make sure they are using the latest version of their browser.