I am reading w3schools.com and I do not fully understand it (look at the green text). I am trying it out in Notepad++. It said:

$_SERVER["PHP_SELF"] exploits can be avoided by using the htmlspecialchars() function. The form code should look like this:

    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

The htmlspecialchars() function converts special characters to HTML entities. Now if the user tries to exploit the PHP_SELF variable, it will result in the following output:

Can I edit it like this? It gives an error.

    <html>
    <body>
    <form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>new8.php">
      <b>UserName: </b><input type="text" name="username"><br>
      <b>password: </b><input type="password" name="password"><br>
      <input type="submit">
    </form>
    </body>
    </html>

Please let me know, thanks.
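An added example, not part of the original post or the w3schools page: it prints the `action` attribute that each variant produces, so the effect of `htmlspecialchars()` and of appending `new8.php` after `PHP_SELF` can be compared side by side. The request paths and the `form_action()` helper are assumptions made for illustration; run it with the PHP command line.

```php
<?php
// Added example (not from the original post). The request paths below are
// constructed sample values standing in for $_SERVER["PHP_SELF"].

// Hypothetical helper: escape a value for use inside a double-quoted
// HTML attribute, as the quoted tutorial recommends.
function form_action(string $phpSelf): string
{
    return htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$samples = [
    // What PHP_SELF holds when the page is requested normally.
    'normal request'      => '/new8.php',
    // PHP_SELF also carries anything the visitor adds after the script name.
    'extra path appended' => '/new8.php/"><em>injected</em>',
];

foreach ($samples as $label => $phpSelf) {
    echo "== $label ==\n";

    // Unescaped: the quote in the second sample closes the attribute early,
    // so the rest of the path is parsed by the browser as markup.
    echo 'raw:     <form method="post" action="' . $phpSelf . '">' . "\n";

    // Escaped: ", < and > become &quot;, &lt; and &gt; and stay inside
    // the attribute value as plain text.
    echo 'escaped: <form method="post" action="' . form_action($phpSelf) . '">' . "\n";

    // The variant from the post: PHP_SELF already names the script, so the
    // extra "new8.php" yields "/new8.phpnew8.php", which does not exist.
    echo 'post:    <form method="post" action="' . form_action($phpSelf) . 'new8.php">' . "\n\n";
}
```

In the real page the value comes from `$_SERVER["PHP_SELF"]` and the form needs nothing after the closing `?>` inside the attribute.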