<?php
// It is important to sanitize
// input! Otherwise, a bad actor
// could enter '<script src="evilscript.js"></script>'
// in a URL parameter. Assuming you echo it, this
// would inject scripts in an XSS attack.
//
// The solution:
$NAME = $_GET['NAME'];
// Bad:
echo $NAME;
// that one is vulnerable to XSS
// Good:
echo htmlspecialchars($NAME);
// Sanitizes input thoroughly.
?>