in reply to Re: Re: Re: pulling php into perl
in thread pulling php into perl
I simply did it by passing HTML tags as the item number. Since you print out the item I was trying to access without escaping the HTML... well. The best way to fix it is to say 'That item ID does not exist', rather than 'Item ID xxxx does not exist'. Never print back to the user information that they gave you without validating it first.
If the above content is missing any vital points or you feel that any of the information is misleading, incorrect or irrelevant, please feel free to downvote the post. At the same time, please reply to this node or /msg me to inform me as to what is wrong with the post, so that I may update the node to the best of my ability.
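The fix described in the post above, sketched in Perl as an added example (not code from the original post or from the script under discussion). The catalogue `%ITEMS` and the names `escape_html`, `render_vulnerable` and `render_hardened` are hypothetical, and the inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed catalogue; a real application would query its database.
my %ITEMS = (1001 => 'Blue widget', 1002 => 'Red widget');

# Encode the five characters that are significant in HTML text and attributes.
sub escape_html {
    my ($text) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Before: the request parameter is interpolated into the page verbatim.
sub render_vulnerable {
    my ($id) = @_;
    return "<p>Item: $ITEMS{$id}</p>" if exists $ITEMS{$id};
    return "<p>Item ID $id does not exist</p>";
}

# After: validate against an allow-list pattern, never echo the raw value,
# and escape anything that does reach the page.
sub render_hardened {
    my ($id) = @_;
    return "<p>That item ID does not exist</p>"
        unless defined $id && $id =~ /\A[0-9]{1,9}\z/ && exists $ITEMS{$id};
    return '<p>Item ' . escape_html($id) . ': ' . escape_html($ITEMS{$id}) . '</p>';
}

# Constructed inputs: a valid ID, an unknown ID, and markup in place of an ID.
for my $id ('1001', '9999', '<b>bold</b>') {
    print "input:      $id\n";
    print "vulnerable: ", render_vulnerable($id), "\n";
    print "hardened:   ", render_hardened($id), "\n\n";
}
```

For the third input the vulnerable version returns the tags intact inside the page, while the hardened version returns the fixed message with no user-supplied text in it.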