What are some steps I can use to make this more secure?
<?php
// Build the mail body from every submitted field (note: no allowlist, no filtering).
$formcontent = '';
foreach ($_POST as $field => $value) {
    $formcontent .= "$field: $value\n";
}
$formcontent .= 'User-Agent: ' . $_SERVER['HTTP_USER_AGENT'];

$recipient = "****.***y@***********.co.uk";
$subject   = "Event feedback form";

// $email is not set anywhere in the posted snippet; assumed here to come from the form as-is.
$email = $_POST['email'];

// User-supplied $email goes straight into a header line without any checks.
$mailheader  = "From: web.form@**********.co.uk\n";
$mailheader .= "Reply-To: $email\n";
$mailheader .= "MIME-Version: 1.0\n";

mail($recipient, $subject, $formcontent, $mailheader) or die("Failure!");
header("Location: http://www.**********.co.uk");
?>
You may want to apply htmlentities to $value to prevent cross site scripting.
$formcontent .= "$field: " . htmlentities($value) . "\n";
Otherwise, it's okay, as your values don't go into the DB.
Use htmlspecialchars to sanitize the variables!
Take a look at the recommended answer here: "Is this mail() function safe from header injection?". Since you aren't storing in your database or using attachments, your risk is in the possibility of new lines in the header of the mail. If you follow the instructions there, you can filter out the new lines and you are okay.
Hope that helps! Cheers
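Pulling the answers above together (the header-injection point in the last answer and the body-encoding point in the first), here is an added example of a hardened version of the script. It is not the asker's code or any answerer's code; the field names name, email and comments, the From address and the sample input are all assumptions made for the demonstration. The key changes are: read only an allowlisted set of fields instead of looping over all of $_POST, reject any CR or LF in anything that lands in a header, validate the Reply-To address with filter_var, strip control characters from the plain-text body, and send only once those checks pass.

```php
<?php
// Added example, not the original poster's code. Field names, the From address and the
// sample input below are assumptions made for the demonstration.
declare(strict_types=1);

const ALLOWED_FIELDS = ['name', 'email', 'comments'];   // assumed form field names

// Any CR or LF in a header value would let the sender append extra headers (e.g. Bcc:).
function assert_no_crlf(string $value, string $label): void
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException("$label contains a line break (header injection attempt)");
    }
}

// The only user-controlled header value is Reply-To, so validate it strictly.
function validate_reply_to(string $email): string
{
    $email = trim($email);
    assert_no_crlf($email, 'email');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    return $email;
}

// Returns [body, headers] for mail(); throws instead of sending if input is unsafe.
function build_feedback_mail(array $post, string $userAgent): array
{
    $body = '';
    foreach (ALLOWED_FIELDS as $field) {           // allowlist, not "everything in $_POST"
        $value = (string)($post[$field] ?? '');
        // The body is sent as text/plain, so HTML encoding is not what protects it;
        // strip ASCII control characters other than newline and tab instead.
        $value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $value);
        $body .= "$field: $value\n";
    }
    $body .= 'User-Agent: ' . preg_replace('/[\r\n]/', ' ', $userAgent) . "\n";

    $replyTo = validate_reply_to((string)($post['email'] ?? ''));
    $headers = "From: web.form@example.co.uk\r\n"          // assumed sender address
             . "Reply-To: $replyTo\r\n"
             . "MIME-Version: 1.0\r\n"
             . "Content-Type: text/plain; charset=UTF-8\r\n";
    return [$body, $headers];
}

// Demo on constructed input (not real form submissions).
$good = ['name' => 'Alice', 'email' => 'alice@example.com', 'comments' => "Great event\nthanks"];
[$body, $headers] = build_feedback_mail($good, 'Mozilla/5.0');
echo $headers, "\n", $body;

$bad = ['name' => 'Mallory', 'email' => "mallory@example.com\r\nBcc: everyone@example.com", 'comments' => 'x'];
try {
    build_feedback_mail($bad, 'Mozilla/5.0');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";   // the injected Bcc line never reaches mail()
}

// In the real handler, call mail($recipient, $subject, $body, $headers) only after
// build_feedback_mail() returns; $subject and $recipient stay hard-coded constants.
```

The subject and recipient are kept as constants for the same reason as the From line: every header is a potential injection point, so the script lets exactly one user-controlled value (the validated Reply-To) into the header block and nothing else.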