Tedd's Secure $_POST form

Message:

Cut &Paste The Following:
<script type="text/javascript"> alert('Danger Will Robinson!!!');</script>

 

CODE FOLLOWS

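<?php

include('includes/header.php');

// Report every notice and warning. Whether they are displayed to the visitor
// is controlled by display_errors, which this script does not set; keep it
// off outside development so file paths and variable names are not disclosed.
error_reporting(E_ALL);

// File name of the running script, used as the form's own action target.
// It is encoded where it is echoed, because it lands inside an HTML attribute.
$self = basename($_SERVER['SCRIPT_NAME']);

    echo(
'<h1>Tedd\'s Secure $_POST form</h1>');

// Accept the field only when it is a plain string. A request can send
// message[]=... and turn $_POST['message'] into an array, which must not
// reach htmlentities().
$message = (isset($_POST['message']) && is_string($_POST['message']))
    ? $_POST['message']
    : '';

// Encode all input for browser output. ENT_QUOTES also encodes single quotes
// (not encoded by default before PHP 8.1), ENT_SUBSTITUTE replaces invalid
// byte sequences instead of returning an empty string, and the charset is
// stated explicitly so the result does not depend on the default_charset ini
// setting. From here on $message holds HTML-encoded text: it is safe in
// element content (as used below), but it is not suitable for a JavaScript,
// URL or SQL context.
$message = htmlentities($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?> 

<?php echo($message);?>
         
        <form action="<?php echo(htmlspecialchars($self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));?>" method="POST" >     
        <table>                       
            <tr> 
                <td class="right">
                    Message:
                </td> 
                <td class="left">
<textarea cols=80 rows=6 name="message">
<?php echo($message);?>
</textarea>
                </td> 
            </tr> 
                                    
        </table>                             
        <p>          
            <input type="submit" name="submit" value="Submit"> 
        </p> 
        </form>
        
        <p>
        Cut &amp;Paste The Following:<br>
        &lt;script type="text/javascript"> alert('Danger Will Robinson!!!');&lt;/script>
        </p>
        
        <form action="form-unsecure.php" method="POST" >                                   
            <p>          
                <input type="submit" name="submit" value="Goto Unsecure Form"> 
            </p> 
        </form>
         
<?php 
    
include('includes/footer.php');    
?>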