I am writing a simple 'contact us' email form and I am aware I should
protect it from code injection and malicious email hijacks. I have
used mysql_escape_string() to remove any newlines in the headers but
do I need to protect the message body too? Should I include MIME
content headers too? And should I be worried about HTML inclusion in
the body?
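
The concerns raised in this question (newlines in header fields, the message body, MIME content headers and HTML in the body), shown as an added example that is not part of the original post. The function names, form field names and `example.com` addresses are assumptions made for illustration.

```php
<?php
// Added example. header_safe() and build_contact_mail() are hypothetical helpers.

// A value that ends up in a mail header must not contain CR, LF or NUL:
// a line break there lets the sender start a new header (Bcc:, Cc:, ...).
function header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// Returns the arguments for mail(), or null if a header-bound field is rejected.
function build_contact_mail(array $form, string $to): ?array
{
    $email   = trim((string)($form['email'] ?? ''));
    $subject = trim((string)($form['subject'] ?? ''));
    $message = (string)($form['message'] ?? '');

    if (!header_safe($email) || !header_safe($subject)) {
        return null;                       // reject, do not try to "clean" it
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Body: line breaks are legitimate here and cannot create headers, because
    // the header block is already closed. Normalise them to CRLF and wrap.
    $body = preg_replace('/\r\n|\r|\n/', "\r\n", $message);
    $body = wordwrap($body, 70, "\r\n");

    // Fixed From (placeholder address); the visitor's address goes in Reply-To.
    // text/plain means HTML in the body is not rendered by the mail client.
    // If the message is later shown on a web page, apply htmlspecialchars() there.
    $headers = implode("\r\n", [
        'From: webform@example.com',
        'Reply-To: ' . $email,
        'MIME-Version: 1.0',
        'Content-Type: text/plain; charset=UTF-8',
    ]);

    return ['to' => $to, 'subject' => 'Contact form: ' . $subject,
            'body' => $body, 'headers' => $headers];
}

// Constructed sample input: one normal submission, one with a line break in the email field.
$ok  = build_contact_mail(['email' => 'visitor@example.com', 'subject' => 'Hello',
                           'message' => "Line one\nLine two <b>bold</b>"], 'owner@example.com');
$bad = build_contact_mail(['email' => "visitor@example.com\r\nBcc: other@example.com",
                           'subject' => 'Hello', 'message' => 'Hi'], 'owner@example.com');
var_dump($ok !== null, $bad === null);
// if ($ok) { mail($ok['to'], $ok['subject'], $ok['body'], $ok['headers']); }
```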