Shouldn't the user input be a bit sanitized to prevent a possible attack vector against the mail client?
|
$name = stripcslashes($_POST['name']); |
|
$emailAddr = stripcslashes($_POST['email']); |
|
$issue = stripcslashes($_POST['issue']); |
|
$comment = stripcslashes($_POST['message']); |
|
$subject = stripcslashes($_POST['subject']); |
Wrapping these lines with htmlentitiesand ENT_QUOTES would make it probably much more secure already.