Hi, thanks to the PHP experts in this forum for shedding light on PHP security. But now, regarding script exploits: if you have a name field, someone can insert '><script language='JavaScript'>alert('boo!');</script><a b=' Your data will not be ruined, but when the page containing the name opens, you'll receive a pop-up window with the message boo. Harmless, but someone can insert this script like 100 times in the name field and the pop-up window will appear 100 times, so your page will be unviewable. How to block this kind of exploit? Do we use preg_match to search for scripts? Are there other types of scripts that do not contain the word scripts?
This technique is called an XSS attack. You can insert a validation check in your script. For more info on how to block XSS go to Good Luck!
I'd add that this may be more dangerous than it looks at first sight. If you have any sort of authentication on your website, it is possible to steal the credentials of the user with the XSS attack, to manipulate some cookies, to change the content of the pages, ... So be very careful with that. The rule is: never use content sent by the user without prior validation. This also includes content which should not be modified by the user but which COULD be (example: <input type="hidden" ...> fields in HTML forms).
This is not the way to go. You should not try to remove what you think is bad - you should allow only what you know is good. The best is to put all user input through htmlentities(...). That should protect you.
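Added example, not part of any post in this thread: the name value from the first post passed through htmlentities() before it is echoed into a single-quoted attribute and into body text, plus an allow-list check for a hidden-field value. The helper names esc() and validPlan(), the field name plan and the allowed values are hypothetical. ENT_QUOTES is passed explicitly because before PHP 8.1 the default flags left single quotes unescaped.

```php
<?php
// Added example; function names, field names and sample values are hypothetical.

// Escape a value for HTML body text and quoted attribute values.
// ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
// byte sequences instead of returning an empty string.
function esc(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow-list validation for a value the browser sends back in a hidden field:
// accept it only if it is one of the values the server itself offers.
function validPlan(string $value, array $allowed): bool
{
    return in_array($value, $allowed, true);
}

// Constructed sample input: the name from the first post and a tampered hidden field.
$name = "'><script language='JavaScript'>alert('boo!');</script><a b='";
$plan = 'admin';
$allowedPlans = ['free', 'basic'];

// With ENT_COMPAT (the pre-8.1 default) the angle brackets are encoded but the
// single quotes are not, so a single-quoted attribute value can still be closed.
$compatOnly = htmlentities($name, ENT_COMPAT, 'UTF-8');
echo 'single quote left after ENT_COMPAT: ';
var_dump(strpos($compatOnly, "'") !== false);

// With ENT_QUOTES neither quotes nor angle brackets remain as markup.
$safe = esc($name);
echo 'single quote left after ENT_QUOTES: ';
var_dump(strpos($safe, "'") !== false);

// Escape at output time, in every place the value is written into HTML.
echo "<input type='text' name='name' value='" . esc($name) . "'>\n";
echo '<p>Hello, ' . esc($name) . "</p>\n";

// Hidden fields are user input too: validate against the allow-list,
// and still escape the value if it is ever displayed.
if (!validPlan($plan, $allowedPlans)) {
    echo '<p>Rejected plan value: ' . esc($plan) . "</p>\n";
}
```

This escaping covers HTML body text and quoted attribute values; values written into a script block, a URL or CSS need escaping for that context instead.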