What are common pitfalls to avoid when using the mail() function in PHP to send emails from a form?
One common pitfall to avoid when using the mail() function in PHP to send emails from a form is not properly sanitizing user input, which can lead to email injection attacks. To prevent this, make sure to validate and sanitize any user input before using it in the email headers. Additionally, always use proper headers to prevent your emails from being marked as spam.
<?php
// Validate (not just sanitize) the submitted address: FILTER_VALIDATE_EMAIL returns false for anything that is not a single well-formed address
$email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
// FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and never removed newlines; strip CR/LF so the name cannot start a new header line
$name = str_replace(["\r", "\n"], '', trim($_POST['name'] ?? ''));
if ($email === false || $name === '') {
    exit('Please supply a valid name and e-mail address.');
}
// Quote the display name (RFC 5322) so commas or quotes in it do not change the header's meaning
$fromName = '"' . addcslashes($name, '"\\') . '"';
// From must be an address your domain is allowed to send for (SPF/DKIM), or the mail itself gets marked as spam; the visitor's address belongs in Reply-To
$headers = "From: $fromName <noreply@example.com>\r\n";
$headers .= "Reply-To: $email\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=utf-8\r\n";
// Send email using mail() function
mail('recipient@example.com', 'Subject', 'Message', $headers);
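As an added example (not part of the answer above), the same idea written as a reusable function that rejects an injection attempt instead of trying to clean it, run against a few constructed form submissions. The function name and the sending address noreply@example.com are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Build the additional-headers string for mail() from form input.
 * Throws instead of "cleaning" when the input cannot have come from a
 * legitimate form submission (control characters, malformed address).
 * $siteFrom is an address on a domain this server is allowed to send for.
 */
function buildFormMailHeaders(string $name, string $replyTo, string $siteFrom): string
{
    // Any CR, LF or NUL in a header value is a header-injection attempt: refuse it outright.
    if (preg_match('/[\r\n\0]/', $name . $replyTo) === 1) {
        throw new InvalidArgumentException('Control characters are not allowed in mail headers');
    }
    // FILTER_VALIDATE_EMAIL accepts exactly one RFC-conformant address and nothing else.
    if (filter_var($replyTo, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid reply-to address');
    }
    // Encode the display name as an RFC 2047 encoded-word, so quotes, commas
    // and non-ASCII characters travel safely inside the From header.
    $displayName = '=?UTF-8?B?' . base64_encode(trim($name)) . '?=';

    return "From: $displayName <$siteFrom>\r\n"
         . "Reply-To: $replyTo\r\n"
         . "MIME-Version: 1.0\r\n"
         . "Content-Type: text/plain; charset=utf-8\r\n";
}

// Constructed sample submissions (not real data): one normal, two hostile.
$samples = [
    ['name' => 'Alice Example',            'email' => 'alice@example.org'],
    ['name' => "Alice\r\nX-Injected: yes", 'email' => 'alice@example.org'],
    ['name' => 'Alice',                    'email' => "alice@example.org\nX-Injected: yes"],
];

foreach ($samples as $i => $s) {
    try {
        $headers = buildFormMailHeaders($s['name'], $s['email'], 'noreply@example.com');
        echo "sample $i: accepted\n", $headers;
    } catch (InvalidArgumentException $e) {
        // Log the rejection server-side; the visitor only needs a generic error message.
        echo "sample $i: rejected (", $e->getMessage(), ")\n";
    }
}
```

Only the first sample is accepted; the other two are refused before any header string is built, which is also the point at which to log the attempt.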