This is my sendmail code, how would i change this to prevent bot's from injecting my code? $to = 'email@domain.com; $subject = $_POST['subject']; $message = $_POST['message']; $from = $_POST['from']; $from_check = $_POST['from_check']; $full_name = $_POST['full_name']; $tel = $_POST['tel']; $headers = "From: ". $_POST['from'] ."\r\n"; $headers .= "Reply-To: ". $_POST['from'] ."\r\n"; $message = "\nInformation Request: ".$message; $message .= "\nName: ".$full_name; $message .= "\nTel Number: ".$tel; $message .= "\nEmail address 2 (could be different): ".$from_check; if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $from)) { echo "<h4>Sorry info here</h4>"; echo "<h4><a href='javascript:history.back(1);'>Click here to return</a></h4>"; } elseif ($from_check <> $from) { echo "<h4>Info here.</h4>"; echo "<h4><a href='javascript:history.back(1);'>Click here to return</a></h4>"; } elseif(mail($to,$subject,$headers,$message)) { echo "<h4>$full_name</h4>"; echo "<h4>Your email has been sent, we will reply as soon as possible.</h4>"; } else { echo "<h4>Cannot send email</h4>"; Code (markup): Thanks Ian