http://ha.ckers.org/xss.html
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/