Well, recently I found a vulnerability on my server that allows JavaScript to "PASS" my login PHP. I made a filter to change to avoid that. How would I "change it in the making"? If that makes sense.
Here is what I've come up with.
// if login button is pressed, etc., you get the idea
if (isset($_POST['Submit']))
{
    // characters to mask: > < ; % & ! '
    $wordlist = ">|<|;|%|&|!|'";
    // read the submitted username and replace each listed character with "*"
    $myusername = preg_replace("/($wordlist)/", '*', $_POST['myusername']);
}
else
{
    echo "no xss here!";
}
// myusername is the name of username in the form they submit
Obviously I would have it say no xss here, but would that work? Or how could I revise that?
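The masking idea from the post, compared with allowlist validation and output encoding. This is an added example, not part of the original post. The function names, the username policy (3 to 32 letters, digits, `_`, `.` or `-`) and the sample inputs are assumptions made for illustration.

```php
<?php
// Blacklist approach from the post: replace each listed character with "*".
function mask_blacklist(string $input): string
{
    return preg_replace("/[><;%&!']/", '*', $input);
}

// Allowlist validation for a login name (assumed policy, adjust to your own).
function is_valid_username(string $input): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $input) === 1;
}

// Output encoding: keep the value as typed and escape it only at the point
// where it is written into an HTML page.
function encode_for_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample usernames.
$samples = [
    'alice_01',      // ordinary login name
    "O'Brien",       // legitimate name containing a listed character
    'Tom & Jerry',   // legitimate name containing &
    '<b>bold</b>',   // markup characters
    'a" title="x',   // double quote, which the blacklist does not list
];

foreach ($samples as $raw) {
    printf("raw:     %s\n", $raw);
    printf("valid:   %s\n", is_valid_username($raw) ? 'yes' : 'no');
    printf("masked:  %s\n", mask_blacklist($raw));
    printf("encoded: %s\n\n", encode_for_html($raw));
}
```

The masked output alters legitimate names and leaves the double quote untouched, while the encoded output preserves what the user typed and is safe to place in HTML text or a quoted attribute value.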