PHP input sanitizer function?
What's a method to sanitize PHP POST data for passing to a mail function? (I prefer a method that's not part of the mysql_function() family of functions.)
I take the data, sanitize it, print it back to the user and send it in an email to a preset address.
EDIT: I'm just sending the email to our email address so we can send out a mailing to the address in the email.
Since you're printing it back to the user, you need to escape any HTML content.
strip_tags() and html_special_chars() are quite useful in filtering the message content, especially if you're using html messages.
See also: How to sanitze user input in PHP before mailing? which mentions doing a find & replace on newlines that could allow injecting content into the mail headers. As you're using a pre-set mail address the risk is reduced, but the subject field is still vulnerable.
Have you looked at the filter functions e.g http://www.php.net/manual/en/function.filter-var.php
Sanitizing for an e-mail would be equivalent to sanitizing for HTML output. I see some suggestions on SO for HTML Purifier.