" method="post"> .... is what i do or go total paranoid (which i don't) and do: P..."> " method="post"> .... is what i do or go total paranoid (which i don't) and do: P...">
form action="<?php echo htmlentities($_SERVER['PHP_SELF']) ?>" method="post"> ....
substr($_SERVER['PHP_SELF'], 0, (strlen($_SERVER['PHP_SELF']) - @strlen($_SERVER['PATH_INFO'])));