I have a classifieds website, and inside each classified, there is a small form.
This form is for users to be able to tip their "friends":
<form action="/bincgi/tip.php" method="post" name="tipForm" id="tipForm">
Tip: <input name="email2" id="email2" type="text" size="30 />
<input type="submit" value="Skicka Tips"/>
<input type="hidden" value="<?php echo $ad_id;?>" name="ad_id2" id="ad_id2" />
<input type="hidden" value="<?php echo $headline;?>" name="headline2" id="headline2" />
</form>
The form is then submitted to a tip.php page, and here is my Q, is this below code safe, ie is it good enough or do I need to make some sanitations and more safety details?
$to = filter_var($_POST['email2'], FILTER_SANITIZE_EMAIL);
$ad_id = $_POST['ad_id2'];
$headline = $_POST['headline2'];
$subject = 'You got a tip';
$message ='Hi. You got a tip: '.$headline.'.\n';
$headers = 'From: [email protected]\r\n';
mail($to, $subject, $message, $headers);
I haven't tested the above yet.