diff --git a/examples/static_captcha.php b/examples/static_captcha.php
index 0b0b49f3777c5ec4e99623eb82c71d418be9f74b..078ff2b6e8f5a5a63c11a15ad68fc9687b708d13 100644
--- a/examples/static_captcha.php
+++ b/examples/static_captcha.php
@@ -58,6 +58,8 @@ if (isset($_GET['validate'])) {
 // generate a new captcha ID and challenge
 $captchaId = Securimage::getCaptchaId();
 
+$currentScript = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
+
 // output the captcha ID, and a form to validate it
 // the form submits to itself and is validated above
 echo <<<EOD
@@ -82,9 +84,9 @@ echo <<<EOD
     <p>&nbsp;</p>
     <div>
       Captcha ID: $captchaId<br /><br />
-      <img src="{$_SERVER['PHP_SELF']}?display&amp;id=$captchaId" alt="Captcha Image" /><br />
+      <img src="$currentScript?display&amp;id=$captchaId" alt="Captcha Image" /><br />
 
-      <form method="get" action="{$_SERVER['PHP_SELF']}">
+      <form method="get" action="$currentScript">
         <input type="hidden" name="validate" value="1" />
         <input type="hidden" name="id" value="$captchaId" />
         Enter Code:
diff --git a/examples/test.mysql.static.php b/examples/test.mysql.static.php
index 71ae6db85f9bc3eb0d92348177984e62d580fd3b..a1459af839d8d8d06b58ec9ef5905f723f072851 100644
--- a/examples/test.mysql.static.php
+++ b/examples/test.mysql.static.php
@@ -110,11 +110,11 @@ $captchaId = Securimage::getCaptchaId(true, $options);
     <p>&nbsp;</p>
     <div>
         Captcha ID: <span id="span_captchaId"><?php echo $captchaId ?></span><br /><br />
-        <img id="siimage" src="<?php echo $_SERVER['PHP_SELF'] ?>?display=1&amp;id=<?php echo $captchaId ?>" alt="Captcha Image" />
+        <img id="siimage" src="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>?display=1&amp;id=<?php echo $captchaId ?>" alt="Captcha Image" />
         [ <a href="#" onclick="refreshCaptcha(); return false">Refresh Image</a> ]
         <br />
 
-        <form method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
+        <form method="get" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>">
             <input type="hidden" name="validate" value="1" />
             <input id="captchaId" type="hidden" name="id" value="<?php echo $captchaId ?>" />
             Enter Code: