PHP E-Mail Form

Hey, pretty much a newbie on this front, could do with some greatly appreciated help.

I’ve got a HTML form and a PHP file it is attached to. Everything works perfectly except for the messages output which I’m not too sure on. I’ve searched the net and it’s just a bit =/ right now to be honest. I need some firm confirmation from some pro’s that know what they’re doing and can give me a solution I can see working.

Here is a sample of the PHP form process file:

<?php

$name = htmlspecialchars($_POST['name']);
$email = htmlspecialchars($_POST['email']);
$phone = htmlspecialchars($_POST['phone']);
$postcode = htmlspecialchars($_POST['postcode']);
$subject = htmlspecialchars($_POST['subject']);
$message = htmlspecialchars($_POST['message']);

$to = 'contact@google.co.uk';
$subject = "$subject";
$messageContainer = "You have a new <b>E-Mail from:</b> $name <br/>
			<b>Regarding:</b> $subject <br/>
			<b>Their message is:</b> $message <br/> 
			<b>E-Mail:</b> $email <br/>
			<b>Phone:</b> $phone <br/>
			<b>Postcode:</b> $postcode";
$headers = "From: $email";

mail($to, $subject, $messageContainer, $headers);

header("Location: http://www.google.co.uk");
?>

Now as I said all of the form works perfectly, including the output. However, if on the text area for the message (as in the variable $message) something like:

<script>location.href(‘http://www.google.com’)</script>

Then the result / output I get in the E-Mail is:

<script>location.href(\‘http://www.google.com\’)</script>

Soooo yea. But apparently all of the <, >, " should be in their character entity equvalent but they aren’t.

I’m pretty sure I’ve done something wrong, but I don’t know where or how to solve it.

Help on this matter would be greatly appreciated as soon as possible.

Thanks very much,

Andrew Cooper

What are you expecting to see in the email?

htmlspecialchars should be encoding the <> and whatnot. Depending on what email client you are using you may see different results in respect to html tags. Most email clients do not allow script tags to be used … so that may be why you are seeing <script>…</script> inside the email.

Hey Andrew, do you see all these <b> and <br> in your email?