What is the difference between $_SERVER['PHP_SELF'] and $_SERVER['SCRIPT_NAME'] in PHP?

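$_SERVER['PHP_SELF'] and $_SERVER['SCRIPT_NAME'] both identify the currently executing script, but there is a subtle difference between the two. $_SERVER['PHP_SELF'] returns the path of the currently executing script including any extra path information that follows the script name in the request URL (PATH_INFO), while $_SERVER['SCRIPT_NAME'] returns the path of the currently executing script without that extra path information. Because the extra portion is taken from the request URL, $_SERVER['PHP_SELF'] can carry client-supplied text, and writing it into a page unescaped (for example as a form action) can lead to cross-site scripting. It is recommended to use $_SERVER['SCRIPT_NAME'] when referencing the current script in order to avoid potential security vulnerabilities.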

<?php
// SCRIPT_NAME stops at the script itself; trailing PATH_INFO is not included
$current_script = $_SERVER['SCRIPT_NAME'];
echo "The current script is: $current_script";
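
The following added example (not part of the original page) shows the difference on a constructed $_SERVER array for a request that has extra path segments after the script name. The function names, the /app/form.php path and the sample values are assumptions made for illustration, and whether a given server passes PATH_INFO through depends on its configuration.

```php
<?php
declare(strict_types=1);

// Constructed sample: the values PHP would typically populate for a request
// whose URL continues past the script name with extra path segments.
$server = [
    'SCRIPT_NAME' => '/app/form.php',
    'PATH_INFO'   => '/"><b>injected</b>',
    'PHP_SELF'    => '/app/form.php/"><b>injected</b>',
];

// Risky pattern: PHP_SELF carries the trailing path from the request verbatim,
// so the quote in it closes the attribute and the rest becomes page markup.
function form_action_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Preferred pattern: SCRIPT_NAME ends at the script, and the value is still
// HTML-escaped because it is written into an attribute.
function form_action_safe(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// If the trailing path is meaningful and PHP_SELF must be used, escape it
// so it stays inside the attribute value.
function form_action_escaped_self(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Print the three results side by side for comparison.
foreach (['form_action_unsafe', 'form_action_safe', 'form_action_escaped_self'] as $fn) {
    echo str_pad($fn, 26), ' => ', $fn($server), PHP_EOL;
}
```

Only the first result lets the request path escape the action attribute; the other two keep it either absent or encoded as text.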