Quick Question - XSS secure
Posted: Sat Dec 26, 2009 1:04 pm
Hey Gurus I consider this piece of code secure from XSS attacks but aparently it is not according to a program which analyses website vulnrabilities (Acunetix Web Scanner).
Is the program wrong or am I wrong. For the record i dont rely on programs to find my security flaws I just use it out of curiosity, secound opionion doesn't hurt after all 
Code: Select all
if isset(($_GET['msg'])) {
$msg = mysql_real_escape_string($_GET['msg']);
echo "<div class=\"msg\">$msg</div>";
}