how does    This tool is designed to help search for XSS and SQL Injection vulnerabilities. This service enables you to check PHP files as well ZIP archives up to 10 mb. The VIP users ( registered users) are provided with a detailed scan report.  As a result of the scanner’s work, the name of the file will show up in which a potential vulnerability has been found as well as numbered lines of the insecure code in that file, a vulnerable parameter and the vulnerability type.

    Error requires special attention as it is a 99% vulnerability (XSS or SQL Injection).
    Warning means that part of the code in the function was written insecurely. You will have to track on your own how this parameter enters into the function.
    The scanner allows entering customized screening functions. This is not necessary as the scanner defines them automatically.
Read here about protection measures: XSS or SQL Injection