<form method=post action="<?=$URI?>">
<p>Please enter your MySQL login information:</p>
<form method=post action="<?=$URI?>">
<p>Please enter your MySQL login information:</p>
-<p>username: <input type="text" name="u" value="<?=isset($i_u)?$i_u:''?>"></p>
+<p>username: <input type="text" name="u" value="<?=isset($i_u)?htmlentities($i_u):''?>"></p>
<p>password: <input type="password" name="p"></p>
<?php elseif (isSSL() && !empty($SSLCred)): ?>
<form method=post action="<?=$URI?>">
<p>password: <input type="password" name="p"></p>
<?php elseif (isSSL() && !empty($SSLCred)): ?>
<form method=post action="<?=$URI?>">
-<p>You are identified as: <?=$SSLUsername?></p>
-<p><?=$SSLName?></p>
-<p><?=$SSLEmail?></p>
+<p>You are identified as: <?=htmlentities($SSLUsername)?></p>
+<p><?=htmlentities($SSLName)?></p>
+<p><?=htmlentities($SSLEmail)?></p>