1// Here is how to post form data to self or to the same page &
2// avoid the PHP_SELF exploits at the same time.
3<form name="my_form" method="post"
4 action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>">
5</form>
1<?php if (!empty($_POST)): ?>
2 Welcome, <?php echo htmlspecialchars($_POST["name"]); ?>!<br>
3 Your email is <?php echo htmlspecialchars($_POST["email"]); ?>.<br>
4<?php else: ?>
5 <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
6 Name: <input type="text" name="name"><br>
7 Email: <input type="text" name="email"><br>
8 <input type="submit">
9 </form>
10<?php endif; ?>
11