Try to search a bit harder, as there's a billion tutorials on the Internet, and this question has been asked many times before. There's many sites like this with good information, such as but not limited to the links below.
The Beginners Guide to XSS:http://www.xssed.com/article/31/The_Beg ... de_to_XSS/
Finding Vulnerabilities in PHP Scripts by SirGod:http://forum.intern0t.net/offensive-gui ... irgod.html
Exploit-DB Blogs about Web Application Security:http://www.exploit-db.com/category/maxe/
There's a lot of courses about how to learn Web Application Security, as this is what you want to learn. Check out OWASP's website as well.
Then: PHP or ASP (or JSP or any other web language, I recommend PHP as it's easier to learn and a lot of web applications are written in this language, however most corporate ones are not written in PHP.)
When you feel comfortable with these languages: Download some random web apps, those that are not widely used as these are often more secure, then try to review the code for bugs like XSS. (Unsanitized input.)
You can also just fuzz any input field you find, within the web app you download.
In addition to the links above, there's also YouTube (w00t), SecurityTube, and various providers of infosec courses as well such as: eLearnSecurity, SANS, LearnSecurityOnline, and so forth.
If you want something to practice on, try WebGoat for starters. (There's other projects similar to this, and there's even a nice thread in one of these sections on this website, that was recently updated with pretty much almost all such projects.)