I have problems with sending an e-mail. Everything works fine until I want to replace the “example@example.com” part with a variable holding the value of an input field.
If you are concerned about the safety of the user-input email address, you could replace htmlspecialchars() with filter_var() using an email validate or sanitize filter. htmlspecialchars() is really only for escaping output to HTML and may break things like URLs and email addresses.
It changes the email so it is safe to display on a website and avoids cross-site scripting, where an attacker inserts stuff that gets executed by the browser.
So, for example, when you apply htmlspecialchars to an email address it will replace the @ with an HTML entity that is rendered fine in the browser (which is why it looked OK when you output the variable) but cannot be used as a real email address.
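The validate-then-escape split described in the answer above, as an added example that is not part of the original question or answers. It assumes the form field is named `email` (so the raw value would come from `$_POST['email']`) and that the message is sent with PHP's `mail()`; the sample inputs are constructed inline so the script runs without a form. It also shows concretely why escaping before `mail()` breaks addresses: `htmlspecialchars()` only converts `&`, `<`, `>`, `"` and `'`, and a legitimate local part may contain an apostrophe.

```php
<?php
// Added example (not the original poster's code).
// Two separate jobs: validate the address that came from the input field,
// and escape a value only at the moment it is written into HTML.
declare(strict_types=1);

/**
 * Return a validated e-mail address, or null if the input is not one.
 * FILTER_VALIDATE_EMAIL rejects spaces, CR/LF, angle brackets and missing
 * domains, which also blocks header injection through the recipient field.
 */
function validEmailOrNull(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/**
 * Escape a value for insertion into an HTML page (and nothing else).
 */
function forHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs standing in for $_POST['email'] (assumed field name).
$inputs = [
    'user@example.com',
    "o'brien@example.com",                                   // valid, contains a quote
    "user@example.com\r\nBcc: victim@example.com",           // header injection attempt
    '<script>alert(1)</script>@example.com',                 // XSS payload in the local part
    'not an address',
];

foreach ($inputs as $raw) {
    $to = validEmailOrNull($raw);

    if ($to === null) {
        // Only when echoing the rejected value back into HTML do we escape it.
        echo 'Rejected: ' . forHtml($raw) . "\n";
        continue;
    }

    // What the original code did: escaping before sending. The apostrophe in
    // o'brien becomes &#039;, so the address no longer exists as written.
    $broken = forHtml($to);
    if ($broken !== $to) {
        echo "htmlspecialchars() would have changed {$to} to {$broken}\n";
    }

    // $to is the validated, unescaped address; this is what mail() should get.
    // mail($to, 'Subject', 'Body', 'From: no-reply@example.com');
    echo "Would send to: {$to}\n";
}
```

Run it from the command line with `php example.php`; the first two inputs are accepted, the other three are rejected, and the second one demonstrates the mangling that escaping before `mail()` causes.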