// Here is how to post form data to self or to the same page & // avoid the PHP_SELF exploits at the same time. <form name="my_form" method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>"> </form>