HTML, JavaSript vulnearbility

We allready had thread like this, but It was deleted during attack. So Mr_Cheese you said [script language=php][/script]can be used is some pages. I had tryed a many combinations but I didn't suceed to use it on any page which use php. I try to write my scripts for this but none of them was working, I tired just simple form post like this: [?php echo "[br][form method=post action='$PHP_SELF'][input type=textbox name=testek]"; echo "[input type=hidden name=action value=1][input type=submit value=Submit][/form]"; if($_POST['action']){ $test = $_POST['testek']; echo $test; } ?]

and I tryed get php to works from database….

So what should form look like to be vulnerable??