[pretoriusB]

That happens in 99% of PHP+MySQL tutorials out there...

And looking a little closer, even in the most reputable sources, you can found XSS and especially CSRF vulnerabilities aplenty.

People should not get security advice from a beginner's tutorial anyway, even if it covered XSS, it would have tons of other problems.

[bbotond]

But those tutorials should include a warning like "what we teach here is enough for you to build a nice dog house but using the same techniques on a sky scraper will surely lead to disaster" - and then give you resources to educate yourself further.