php sees html input as a code

Most likely you are not separating your php code from your html code. But there really is no way to answer your question because you did not show us your code. Would like to have been of more help.

Okay lemme just write a simple sample of the code.

Ok first a few minor errors in your code, but since it is just an example that does not really matter.

Exploitation of your code is not possible when the page is streamed out, because the periods and other PHP command codes you insert in your page are not streamed out to the client machine.

From your example
the streamed out page would not include any of the php code
ie: echo, the single quotes, ., or even the variable $test.

The only thing the user would see and have access to would be
You wrote something where something is the content of the variable $test.

To exploit your page the hacker would have to inject some code into one of your input fields.

It may be helpful for you to read this link

PHP code is not exposed to the user like javaScript. So you have no concern here.

notes:
- $_PHP_SELF, not sure where you get that, but if you copy it over from $_SERVER['PHP_SELF'] you have an XSS vulnerability. better use $_SERVER['SCRIPT_NAME']
- the self-closing tags (/>) are invalid in HTML, though browsers conveniently ignore that

and a personal preference, semantically it makes more sense to write the submit button as button (<button type="submit">…</button>). it has the advantage that you cannot confuse it with an input box and you have better control of the content (<input> only allows text, <button> allows HTML)