docker-vulnerable-dvwa/dvwa/vulnerabilities/xss_s/source/medium.php

<?php

if( isset( $_POST[ 'btnSign' ] ) ) {
	// Get input
	$message = trim( $_POST[ 'mtxMessage' ] );
	$name    = trim( $_POST[ 'txtName' ] );

	// Sanitize message input
	$message = strip_tags( addslashes( $message ) );
	$message = mysql_real_escape_string( $message );
	$message = htmlspecialchars( $message );

	// Sanitize name input
	$name = str_replace( '<script>', '', $name );
	$name = mysql_real_escape_string( $name );

	// Update database
	$query  = "INSERT INTO guestbook ( comment, name ) VALUES ( '$message', '$name' );";
	$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );

	//mysql_close();
}

?>
first commit 2016-12-02 19:19:11 +00:00			`<?php`

			`if( isset( $_POST[ 'btnSign' ] ) ) {`
			`// Get input`
			`$message = trim( $_POST[ 'mtxMessage' ] );`
			`$name = trim( $_POST[ 'txtName' ] );`

			`// Sanitize message input`
			`$message = strip_tags( addslashes( $message ) );`
			`$message = mysql_real_escape_string( $message );`
			`$message = htmlspecialchars( $message );`

			`// Sanitize name input`
			`$name = str_replace( '<script>', '', $name );`
			`$name = mysql_real_escape_string( $name );`

			`// Update database`
			`$query = "INSERT INTO guestbook ( comment, name ) VALUES ( '$message', '$name' );";`
			`$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );`

			`//mysql_close();`
			`}`

			`?>`