Creating a basic secure php mailer

Posted on


I am busy creating a basic php mailer script to post to _self and email to a address.

Is the script secure?

How can I avoid someone clicking on submit the whole time, to spam the mailbox, with minimal extra code

//Mail header removal
function remove_headers($string) { 
   $headers = array(
$string = preg_replace($headers, '', $string);
return strip_tags($string);

$to      = "";
$subject = "Sent from site";

$uname    = remove_headers($_POST['fname']);
$uemail   = remove_headers($_POST['femail']);
$umessage = remove_headers($_POST['fmessage']);
$umessage = "Name : " . $uname . " Email : " . $uemail . " Message : " . $umessage;

   mail($to, $subject, $umessage, "From:");


<div id="mailer" >
  <form name="test" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<p>Your Name:</p>
<input type="text" size="20" name="fname"><br><br>
<p>Your Email:</p>
<input type="text" size="20" name="femail"><br><br>
<p>Your Message:</p>
<textarea name="fmessage" rows="4" cols="20"></textarea><br><br>
<input type="submit" name="submit" value="Send Message">
  <?php if(isset($_POST['submit']))
   echo "<p>Sent. We will be in contact shortly.</p>";
  } ?>



Your using the email sanitize filter on each field, you need to use FILTER_SANITIZE_STRING for the name and FILTER_SANITIZE_FULL_SPECIAL_CHARS for the message field.

Sanitizing is not the same as validating…


SANITIZE filters

Leave a Reply

Your email address will not be published. Required fields are marked *