The code you have should work; it is basically the same as the simple sample code found on multiple sites, however it is susceptible to XSS tampering.
The work-around for this vulnerability is to would be to html-encode the entities within the URL:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
1. Using PHP_SELF in the action field of a form
2. PHP 5 Form Validation