在HTML5 + JS + PHP中设计发送到电子邮件的表单时，有哪些好的安全预防措施？ [关闭]

I'm creating a form on my website which sends an e-mail to me containing the text that the user inputs, they don't need to sign in or anything.

Some questions:

1. Should I store information in global session variables or pass them to another page using POST which will then send a mail?
2. Do I perform form validation using PHP, JS or both? If so, what should I look out for?
3. There is an option for a user to upload a PHP document. How do I make sure they can't send me viruses etc. in that document?

Thanks in advance!

1. You can use session but a simple post should work fine.
2. Validation is a step that you should never forget, for example you should always validate if user email address is in proper format or not, validate address or phone number in input form if exist. You should validate message sent, it depends whether you should allow formatting or plain text in that case you might want to strip tags.
3. You should validate files based on their extensions and deny all executable files.