In this article I took a look at a real web application programmed by a real PHP developer. As is the case with many developers, the concept of XSS was something the developer had never heard of. While the idea was something they could quickly grasp and correct, the simple fact that a form field could be used to execute code as easily as it could be used to store information never crossed their mind. Fortunately, I knew both the developer and the owner of the website and was able to point out the deficiencies of the code and provide solutions to help keep the website secure from would-be hackers. Lets hope that all developers know someone who has at least as much as, if not more, knowledge of security as me!