I am trying to create a PHP page for users to send emails to other users in HTML. On my page (email.php) there is a textarea for user to input their message.
Since I send the email from my server I don't want the user to write malicious code/message content (html, links, php, bad words etc) that will result in my servers email IP getting banned as spam.
I know I can validate by using functions like str_replace() htmlentities() strip_tags() etc
How can I stop the user from entering tags, links etc in textarea so the email is clean when sent. Is there some function to just filter the whole message string if it matches an email body format or a way to convert the message string to just clear text so any malicious links/tags will just show to the user as a href='/link'>malicious link not 'malicous link' and instead of html tags running they just show as the tag itself?
Like gumtree for instance when you send email you get form with textarea for message
thanks for any suggestions
