What are some common pitfalls to avoid when working with form data and email handling in PHP scripts?

One common pitfall when working with form data and email handling in PHP scripts is trusting user input: values taken straight from $_POST are passed into SQL queries, echoed back into HTML, or placed into mail headers, which opens the door to SQL injection, cross-site scripting and mail header injection. Each of these needs the defence that matches the context rather than one generic "sanitize" call. Use prepared statements (PDO or mysqli with bound parameters) for database queries instead of string escaping with mysqli_real_escape_string(); apply htmlspecialchars() at the point where a value is written into an HTML page, not when it is read, because HTML entities inside a plain-text email body or a database row are simply wrong data; and for anything that goes into a mail() header (From:, Reply-To:, Subject:) validate the address with filter_var($email, FILTER_VALIDATE_EMAIL) and reject any value containing carriage return or line feed characters, since an injected "\r\nBcc: ..." line turns the contact form into a spam relay. Also check that the expected fields are actually present before using them, so a missing key does not produce warnings or send an empty message.

// Read the form fields; default to '' so a missing field does not raise a warning
$name = trim($_POST['name'] ?? '');
$email = trim($_POST['email'] ?? '');
$message = trim($_POST['message'] ?? '');

// Validate the address and reject CR/LF in anything that could reach a mail header
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || preg_match('/[\r\n]/', $name)) {
    exit('Invalid input');
}

// Build the plain-text email; no HTML encoding here, the body is not HTML
$to = "recipient@example.com";
$subject = "Contact Form Submission";
$body = "Name: $name\nEmail: $email\nMessage: $message";
// Keep From: fixed to a local address; the validated visitor address goes in Reply-To:
$headers = "From: sender@example.com\r\nReply-To: $email";

// Send email
mail($to, $subject, $body, $headers);

// htmlspecialchars() belongs here, where the value is written into an HTML page
echo "Thanks, " . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ", your message was sent.";
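The header-injection pitfall described above, as an added example that is not part of the original answer: a function that builds the arguments for mail() from a submission, rejects any header-bound value containing CR or LF, and is then exercised with a benign submission and a constructed malicious one. The field names, the recipient address and the noreply sender are assumptions; the example deliberately does not call mail() so it can be run without a mail transfer agent.

```php
<?php
declare(strict_types=1);

/**
 * Build the arguments for mail() from a contact-form submission.
 * Added example (not the original page's code). Field names
 * 'name', 'email', 'message' and the addresses used are assumptions.
 *
 * Returns ['to' => ..., 'subject' => ..., 'body' => ..., 'headers' => ...]
 * or throws InvalidArgumentException when the input is unsafe.
 */
function build_contact_mail(array $post, string $to = 'recipient@example.com'): array
{
    $name    = (string) ($post['name'] ?? '');
    $email   = (string) ($post['email'] ?? '');
    $message = (string) ($post['message'] ?? '');

    // Anything that ends up on a header line must not contain CR or LF:
    // "mallory@example.org\r\nBcc: victim@example.net" would otherwise become
    // a second header and turn the form into an open relay. Do not rely on
    // mail() itself to catch this; validate before the value gets anywhere near it.
    foreach (['name' => $name, 'email' => $email] as $field => $value) {
        if (preg_match('/[\r\n]/', $value)) {
            throw new InvalidArgumentException("CR/LF not allowed in $field");
        }
    }

    // Syntactic e-mail validation; it also rejects embedded whitespace.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    if ($name === '' || strlen($name) > 100 || trim($message) === '') {
        throw new InvalidArgumentException('missing or oversized field');
    }

    // From: stays a fixed local address so the receiving server's SPF/DMARC
    // checks on the visitor's domain do not reject the message; the visitor's
    // address goes in Reply-To:, which is safe now that it has been validated.
    $headers = implode("\r\n", [
        'From: Contact Form <noreply@example.com>',
        'Reply-To: ' . $email,
        'Content-Type: text/plain; charset=UTF-8',
    ]);

    // Plain-text body: no HTML encoding here. htmlspecialchars() is for the
    // moment these values are echoed into an HTML page.
    $body = "Name: $name\nEmail: $email\nMessage:\n$message\n";

    return [
        'to'      => $to,
        'subject' => 'Contact Form Submission',
        'body'    => $body,
        'headers' => $headers,
    ];
}

// Constructed inputs for demonstration (not real submissions).
$benign = ['name' => 'Alice', 'email' => 'alice@example.org', 'message' => 'Hello'];
$attack = [
    'name'    => 'Mallory',
    'email'   => "mallory@example.org\r\nBcc: victim1@example.net, victim2@example.net",
    'message' => 'Buy now',
];

foreach ([$benign, $attack] as $post) {
    try {
        $mail = build_contact_mail($post);
        // In production: mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
        echo "OK, would send with headers:\n{$mail['headers']}\n\n";
    } catch (InvalidArgumentException $e) {
        echo "Rejected: {$e->getMessage()}\n\n";
    }
}
```

Run it with php on the command line: the first submission is accepted and its headers printed, the second is rejected with "CR/LF not allowed in email" before filter_var() is even consulted. The same check applies to any other field you later decide to place in a header, such as a user-supplied subject.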