At first I was using PHP_SELF, but then I read some users' comments and they prefer SCRIPT_FILENAME, as I want to use it in a form and to avoid XSS and such code. Which one should you prefer?
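<?php
// File name of the script the request was routed to
$sn = basename($_SERVER['SCRIPT_NAME']);
// Or: file name of the file containing this line (differs inside an include)
$sn = basename(__FILE__);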
Anyone know if $_SERVER['SCRIPT_NAME'] should be sanitized too before use? I have been using it in my apps. At least Acunetix and Nessus scans did not report any XSS vulnerabilities, if I remember correctly.
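
An added example, not code from the posts above: it compares PHP_SELF and SCRIPT_NAME as a form action for one request and encodes the value at output. The $server array is constructed sample data standing in for $_SERVER, and form_action() is a hypothetical helper name.

```php
<?php
// Constructed sample values for a request to /app/form.php/"><b>x</b>
// (the part after form.php is path info appended by the client).
$server = [
    'SCRIPT_NAME' => '/app/form.php',
    'PATH_INFO'   => '/"><b>x</b>',
    'PHP_SELF'    => '/app/form.php/"><b>x</b>', // SCRIPT_NAME + PATH_INFO
];

// Hypothetical helper: attribute-safe form action for the current script.
function form_action(array $server): string
{
    // SCRIPT_NAME normally omits PATH_INFO, so client-appended
    // path segments do not reach the markup.
    $name = basename($server['SCRIPT_NAME'] ?? '');
    // Encode at output anyway: the value is still derived from the request,
    // and ENT_QUOTES covers both quote styles inside the attribute.
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern the question is about: PHP_SELF written into the attribute as-is.
$raw = '<form action="' . $server['PHP_SELF'] . '" method="post">';

// Same source, encoded for the HTML attribute context.
$encoded = '<form action="'
    . htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    . '" method="post">';

// SCRIPT_NAME-based helper: path info dropped and the result encoded.
$safe = '<form action="' . form_action($server) . '" method="post">';

// Print the three variants so the difference in the markup is visible.
echo $raw, PHP_EOL, $encoded, PHP_EOL, $safe, PHP_EOL;
```

In the first line of output the client-supplied characters close the action attribute; in the other two they are either entity-encoded or absent.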