I am a newbie on PHP but manage to create a working contact form. But then I got aware of Email Header Injection. How can I prevent this in best possible way? Don't want my form to be used to spam people.
This is my code:
<?php
if ($_POST["email"]<>'') {
$ToEmail = 'FixedEmail@domain.com';
$EmailSubject = 'Email Subject';
$mailheader = 'From: donotreply@domain.com' . "
" .
'Reply-To:' .$_POST["email"]. "
" .
'MIME-Version: 1.0'."
".
'Content-Type: text/html; charset=utf-8'."
".
'X-Mailer: PHP/' . phpversion();
$MESSAGE_BODY .= "<b>Navn:</b> ".$_POST["name"]."<br />";
$MESSAGE_BODY .= "<b>Telefon:</b> ".$_POST["telephone"]."<br />";
$MESSAGE_BODY .= "<b>Email:</b> ".$_POST["email"]."<br /><br />";
$MESSAGE_BODY .= "".nl2br($_POST["message"])."<br />";
mail($ToEmail, $EmailSubject, $MESSAGE_BODY, $mailheader) or die ("Failure");
?>
