So I use PHP and have a contact form on my website. Once users fill up the form and submit, it will shoot an email to me. I have been receiving junk input from bot, I assume, like below. This is the result of print_r($_REQUEST). I removed some parameter for simplicity.

Array
(
   [name] => rycpufrwq
   [email] => raaszg@fqhzdm.com
   [company] => naCuklaLMab
   [website] => http://ujpbfhazkpzv.com/
   [message] => cBimwx  <a href=\"http://pxlahgqmdrhs.com/\">pxlahgqmdrhs</a>, [url=http://sjmbrhkycvbz.com/]sjmbrhkycvbz[/url], [link=http://rddqwgzwvrhv.com/]rddqwgzwvrhv[/link], http://csohvhsvdisc.com/
)

On such request, I don't write to db or anything. I only send an email by calling mail(). Specifically, mail($to,$subject,$body,$headers) where $headers is:

$headers="From:$email_from\r\nBcc:$email_bcc\r\nReply-To:$name<$email>\r\n";

$ Isim $ _REQUEST ['isim'] ve $ email $ _REQUEST ['email'], ama hepsi "\ r" dışında şerit ve "\ n" varsa onlar "\r\nCc:<a list of emails>" koyabilirsiniz çünkü onlar benim alanı kullanarak spam e-postalar göndermek mümkün olacaktır.

However, for an input I mentioned above, I don't see 'newline' under 'email' field. Hence, I assume it is a different kind of attack. Is there something I should be aware of?