PHP Mail function security

Question

I hae a form on my website which I've just built, im unsure on how to go about securing it though and when I wrap my variables with the mysql_real_escape_string it stops them from echoing out, Could anybody take a look at my script and tell me where the flaws are and how I can go about correcting them? Thanks

<?php 
$kop = $_POST['severity'];
$loc = $_POST['location'];
$summary = $_POST['summary'];
$name = $_POST['name'];
$email = $_POST['email'];

$to      = 'support@.co.uk';
$subject = 'Bug Report';
$message = 'Kind of Problem ' . $kop . 'Location of Problem ' . $loc . 'Summary of Bug ' . $summary . 'Name ' . $name . 'Email Adress ' . $email;
$headers = 'From: .co.uk';

mail($to, $subject, $message, $headers);

echo "<meta http-equiv=\"refresh\" content=\"0;URL=/report-bug.php?msg=bugsuccess\">";

?>

Answer 1

<?php

$kop = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['severity']), ENT_COMPAT, 'UTF-8'));
$loc = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['location']), ENT_COMPAT, 'UTF-8'));
$summary = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['summary']), ENT_COMPAT, 'UTF-8'));
$name = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['name']), ENT_COMPAT, 'UTF-8'));
$email = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['email']), ENT_COMPAT, 'UTF-8'));

$to      = 'support@.co.uk';
$subject = 'Bug Report';
$message = 'Kind of Problem ' . $kop . 'Location of Problem ' . $loc . 'Summary of Bug ' . $summary . 'Name ' . $name . 'Email Adress ' . $email;
$headers = 'From: .co.uk';

mail($to, $subject, $message, $headers);

echo "<meta http-equiv=\"refresh\" content=\"0;URL=/report-bug.php?msg=bugsuccess\">";

?>