Securing a contact form script

Question

Hello! I am just wondering how secure is this contactform script I just made? My teacher was nagging at me a long time ago when I made my contactforms.

Answer 1

There is nothing insecure in your code really beside lack of data validation. You just collect form data and send it out. so the only 'insecurity' is that you would be easily spammed through that form unless any sort of captcha is used. I am not sure at the moment, but it may be possible to trick mail() to add more receipients with crafted $subject, so it would be save to ensure it's oneliner and strip any CRLFs