The above code is vulnerable to reflected xss but is has some filtering on it. Try to bypass it and excecute a javascript code

<?php
        $NAME=$_GET[‘name’];
        $NAMESAN=strtoupper(htmlspecialchars($NAME));
        echo “<HTML><body>”;

        echo ‘<form action=””>’;
        echo “First name: <input type=’text’ name=’name’ value='”.$NAMESAN.”‘><br>”;
        echo “<input type=’submit’ value=’Submit form’></form>”;

        echo “</HTML></body>”;
?>