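<?php
/*
 * Unsafe pattern, shown for reference only:
 *
 *     <form action="<?php echo $_SERVER['PHP_SELF']; ?>">
 *
 * $_SERVER['PHP_SELF'] is built from the request URL and includes any extra
 * path info that follows the script name, so echoing it unescaped writes
 * client-controlled text into the attribute (reflected XSS).
 * There is no reason to use it just to submit form data to the same page.
 */
?>
<form action="">
<!-- Submits to the current URL, so nothing from the request is echoed into the markup.
     Unlike PHP_SELF, this keeps the current query string on a POST. Leaving the
     action attribute out has the same effect and is the spelling HTML5 validators accept. -->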
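<?php
// Post form data back to the same page while avoiding the PHP_SELF injection problem:
// PHP_SELF carries client-supplied path info, so it is HTML-escaped before being
// written into the attribute. ENT_QUOTES also escapes single quotes (not the default
// before PHP 8.1), so the escaping holds whichever quote style surrounds the value;
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning an empty string.
// If the extra path info is not needed, $_SERVER['SCRIPT_NAME'] omits it, but the
// value should still be escaped on output.
?>
<form name="my_form" method="post"
 action="<?php echo htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
</form>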