We have found that emails were being sent from our email server. We were notified that this is the form that was being used. I did not write this and was wondering if anyone can point out where the code is allowing this to happen. For example I use query param to prevent SQL injection but i can't see where this code can be improved. I included the script in a txt file.
Any help is appreciated.