The only thing i having in mind to change in code is $_REQUEST to $_POST because $_REQUEST will accept both get and post requests.
However, i need your advice on removing any such insecure codes from my form to let peoples use that without doubt.
Julio Potier answers:
I'm Julio and i'm Web Security Consultant. I audited your code and your script is not vulnerable to any XSS flaw, not even another flaw.
It is vulnerable to CSRF but we never fix a CSRF on a contact form, instead we use captchas.
See you !
Kannan C comments:
Hi Julio, Thank you very much for analyzing my code. Good Day!