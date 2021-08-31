Is this mail-in PHP form secure enough?

This is a sample, bare-bones form where people will go to leave a comment. It’s quite unadorned at the moment. Just wondering if it will be secure.

And, I don’t know if the regex is correct for what I want: “Comments can only contain letters, numbers, commas, periods, and white spaces.”

<?php
// if(isset($_POST['submit'])){
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $to = "my@email.com";
    $subject= "Feedback";	
	$body = trim(htmlspecialchars($_POST['body']));
	
	$body = validate($_POST['body']);
if (!preg_match('/^.*,*.\\.$\W\s', $body)) {
	echo "Comments can only contain letters, numbers, commas, periods, and white spaces.";
}
    $body = "Message: " . $body;
    if(mail($to, $subject, $body)){
        echo "Thank you - Your feedback was sent to me. I can't wait to read it!";
    }else{
         echo "Sorry, something went wrong with sending your comments.";
    }
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<title>Feedback</title>
</head>
<body>
	<div id="wrapper">
		<form class="form" method="POST"  enctype="text/plain">		
			<h1>Feedback Form</h1>
			<p>For your security, please do not include your email or other private info. If you want to email us, please use the email on the website.</p>
			<p><em>Comments can only contain letters, numbers, commas, periods, and white spaces.</em></p>
			
			<textarea name="body"></textarea>
			
			<button type="submit" name="submit">Submit</button>
			
		</form>
	</div>
	
<!--
https://blog.sqreen.com/top-10-security-best-practices-for-php/
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions/Cheatsheet
-->
</body>
</html>