Invalid query :'SELECT * FROM books WHERE id = \"></title><script>alert(1337)</script>><marquee><h1>XSS by Xylitol</h1></marquee>' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\"></title><script>alert(1337)</script>><marquee><h1>XSS by Xylitol</h1></marque' at line 1