// The name variable is now being properly sanitized, rendering the code safe from CSRF attacks.echo 'Hello, ' . stripslashes($_GET['name']) .
<?php
require_once('../_helpers/strip.php');
// the `name` variable isn't getting sanitized, making it vulnerable// to a reflected Cross-Site Scripting vulnerability.echo 'Hello, ' . $_GET['name']