Here's the solution: note line #8 - because you always MUST use htmlspecialchars for checking users' input!
<!DOCTYPE html>
<html>
<head>
<title>Input Form</title>
</head>
<body>
<?php if (isset($_GET['person'])) {
$person = htmlspecialchars($_GET['person']);
echo "Hello, $person!";
} else {
?>
<form>
Name: <input type="text" name="person"/><br>
<input type="submit">
</form>
<?php } ?>
</body>
</html>