Is there any security issues when combining $_SERVER['PHP_SELF'] and $_GET in action form attribute like this:
$id = $_GET['id'];
echo "<form name='name' action='".htmlspecialchars($_SERVER['PHP_SELF']."?id=".urlencode($id), ENT_QUOTES, 'utf-8')."' method='post'></form>";
?
Is this correct way of using htmlspecialchars and urlencode?
Cheers,
Nikola