Thanks man i already gave external full stake developers and security audit firm to check it and it came out right ,
What was the name of the security audit firm?
Just in case someone takes you seriously...
I have followed CCSS standard and done input filtering , XSS prevention,File Upload Safety,Form Token Validation, Protection against SQL injection, with Secure backend.
Several exchange already using my script but cant mention names.