this thing is really screwing me over :p.
i discovered the XSS vuln and the GET bug and upon fixing them it doesnt work. ive tried all different kinds of sanitation of the XSS vulnerable variable, including htmlspecialchars(...), htmlspecialchars(..., ENT_QUOTES), htmlentities(...), addslashes(..), urlencode(...) *Q: does this even make sense to use??*..
please help lol this thing is driving me nuts.