These pages will show how to process PHP forms with security in mind.
Proper validation of form data is important to protect your form from hackers and spammers!
You won't have to take care about routine tasks such as writing two validation scripts (client and server) and your code will be safe against security breaches.
This is just a simple and harmless example how the PHP_SELF variable can be exploited.
Be aware of that any Java Script code can be added inside the - this would not be executed, because it would be saved as HTML escaped code, like this: <script>location.href(' The code is now safe to be displayed on a page or inside an e-mail.