There are two statements near the beginning of your file
that set these values. This would be around lines 4 and 16.
// validate incoming values
$forum_id = (isset($_GET['fid'])) ? (int) $_GET['fid'] : 0;
$msg_id = (isset($_GET['mid'])) ? (int) $_GET['mid'] : 0;
As you can see, the values are set to whatever is coming
in on the query string. view.php has a couple of links to this file,
so that's one place where the actual values are being set,and
then sent over on the query string.
Now, this file, add_post.php, calls itself so that's another
place where the values are being set and then sent over on
the query string.
As for this specific statement
action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']) . '?fid=' .
$forum_id . '&mid=' . $msg_id; ?>">
The PHP_SELF variable returns the current script being executed,
so the script is calling itself. You could have used the name
of the file, add_post.php. However, if the name of the file changes,
then you would have to update the code, that is one of the reasons
you see PHP_SELF being used.
There were some errors and issues in chapter 2. Take a look at the following posts and be sure to make all the corrections.
Chap 2, Some small errors in add_post.php and view.php
Chap 2 forums, pagination issues page 55-56
Chap 2 - Avatars and uploading files, (would apply to Chap 6 too)
Chap 2, add_forum.php, ~$user->permission is not working properly
I hope this helps.