Wait a minute! I have a big
warning for you.
Don't even think of putting such code on a production server — it will be hacked in no time!
Well, some background now. Frankly, such thing happened to me years ago, my site was suspended, but I fixed situation in one day, added detection of malicious activity and observed such activity on a regular basis. Now, I could hack such code in no time. You host will be turned into a zombie distributing spam or something like that.
How this is done? If one honestly fill in the form manually in a regular Web browser, you can only write what you write in one text input line. Programmatically, I can post whatever I want. One simple trick is to put in one line, for example under the key "sendername" many lines. While in manual post this is one string with one line, programmatically it would be one string with several lines; just insert line delimiters. In that extra line you could add "BCC: " + 9000 of other addresses to spam. Even though you receive that e-mail in a regular mail, you will only see regular spam addressed just for you.
Whatever the attach is, you should never call the function
mail
without filtering out its every parameter to remove anything weird. Remember, you never know what exactly it the method of the assault, so you should not assume anything about values you receive in you POST.
Sorry it has nothing to do with your question or if you know all this already -- this warning is too important.
[EDIT]
I had to wait for my next e-mail message from the PHP send list, to add this reference:
http://www.phpclasses.org[
^].
If you need to find out good ready-to-use solution, this is a good place.