What are common pitfalls when creating a PHP contact form like the one in the provided code?

One common pitfall when creating a PHP contact form is not properly sanitizing user input, which can leave the form vulnerable to injection attacks. To solve this, use PHP's `filter_input` function to sanitize and validate user input before processing it.

// Sanitize and validate user input
$name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$message = filter_input(INPUT_POST, 'message', FILTER_SANITIZE_STRING);

// Check if any of the input fields are empty
if(empty($name) || empty($email) || empty($message)){
    echo "Please fill out all fields.";
    exit;
}

// Process the form data
// Your code to send the email or save to a database goes here