What precautions should be taken when sending an email via PHP

I believe that the care to be taken when sending emails through a web system, are those common well-known care: validate if the typed e-mail actually follows an e-mail standard (via regular expression for example ), if the name and message fields are not empty and adding a captcha to prevent any malicious script from sending unsolicited mail is enough.

About articles you read from forms that access the database are manipulated, this is nothing more than the old SQL injection , present in web systems in general and not specific to the PHP language.

I hope I have helped.

Hugs!

Form does not connect to the database, it only provides the information that will be inserted into the DB. You need to validate before saving the information, verify that what you received is of the corresponding type ...

SQL Injection occurs when you receive statements next to an input and execute the query without validation. You can conceder acesso to a login system or even run DROP TABLE . The use of PDO eliminates a significant percentage - the debate is long.

You can have an input (_GET or _POST) that saves data in DB or files, login and password data, email sending ... Each case is a case and the data does not come from forms alone. >

filter_var ($ emial, FILTER_VALIDATE_EMAIL)
Does not provide secure email validation. You need to validate with an ER as quoted.