One additional thing: As discussed a lot in the last time, you should check „user generated content“ for malicious code – especially (or at least) if anonymous users can submit your form. The esc()
helper method is your friend
1 Like