How to secure PHP web applications and prevent attacks?

1) Cross site scripting (XSS) XSS attacks happen when client-side code (usually JavaScript) gets injected into the output of your PHP script. This can be through the URL, but can also occur via a stored technique such as the database. // GET data is sent through URL: http://example.com/search.php?search=<script>alert(‘test’)</script> $search = $_GET[‘search’] ?? null; echo ‘Search