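<?php
// Submitting a form back to the page that rendered it.
//
// $_SERVER['PHP_SELF'] is built from the request URL and includes any extra
// path text that follows the script name, so its content is chosen by whoever
// made the request. Echoed unescaped into the action attribute it can close the
// attribute and add markup to the page (reflected XSS); if it is used at all it
// must be encoded for the attribute context, as below.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
<?php
// There is no reason to use PHP_SELF just to post to the same page: an empty
// action resolves to the current URL and writes no request data into the markup.
// Two caveats: the current URL keeps its query string (PHP_SELF has none), and
// the HTML standard expects a non-empty action when the attribute is present,
// so leaving the attribute out altogether is the conformant spelling.
?>
<form action="">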
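<?php
// Posting form data back to the same page while avoiding the PHP_SELF exploits.
//
// PHP_SELF carries request-supplied path text, so it is entity-encoded before it
// goes into the action attribute. Flags and charset are spelled out because the
// default flags only started covering single quotes in PHP 8.1; explicit
// ENT_QUOTES keeps the call safe on older versions and in single-quoted attributes.
?>
<form name="my_form" method="post"
 action="<?php echo htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
</form>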
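<?php
// PHP_SELF reflects request-supplied path text; encode it for the attribute
// context instead of echoing it raw, otherwise it is a reflected-XSS sink.
?>
<form name="form1" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" >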
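<?php
// Self-posting form: the same script renders the form and, once data has been
// posted, the greeting. Everything taken from the request ($_POST values and
// PHP_SELF) is request-controlled, so each value is HTML-encoded at the point
// where it is written into the page.
//
// A posted field can be missing, or arrive as an array (name[]=...), regardless
// of what the form declares. Only string values are accepted; anything else is
// treated as empty so htmlspecialchars() never receives null or an array.
$name = is_string($_POST['name'] ?? null) ? $_POST['name'] : '';
$email = is_string($_POST['email'] ?? null) ? $_POST['email'] : '';
?>
<?php if (!empty($_POST)): ?>
 Welcome, <?php echo htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>!<br>
 Your email is <?php echo htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>.<br>
<?php else: ?>
 <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" method="post">
 Name: <input type="text" name="name"><br>
 Email: <input type="text" name="email"><br>
 <input type="submit">
 </form>
<?php endif; ?>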