Hello, i am new to php security and i try to learn it applying it to mail() function in a contact form.
Can you please comment on my code if i do the XSS and CSRF correctly with ajax and is it secure enough or maybe i need to add something? please ignore the front end its just some copy paste.
2)Do i really need data validation checks in my mailer.php because i use the html5 form validation checks is that ok?
3)And do i need another die(); after the mail was send line 43 1)comment and maybe that unset line 47 2)comment is not needed? i am not sure about it.
4)Do i need google recaptcha? or CSRF only it’s fine so the bots dont spam me?
I pasted the code in here(i dont know any better way to show it to you guys and its not in a proper way in those fields in JSfiddel its just a paste so you dont hurt your eyes reading the code) https://jsfiddle.net/ruhl/u62rnc71/
Its working in the link below and i tested XSS but i dont know about CSRF or any other mistakes. https://markusruhll.000webhostapp.com/