?>< ?php $to = 'myemail'; $subject = 'test'; $text = 'test2'; $header = 'test3';

1. ?>< ?php $to = 'myemail'; $subject = 'test'; $text = 'test2'; $header = 'test3'; mail($to,$subject,$text,$header); ?>< ?php
2.  
3. (without the spaces behind the < ).
4.  
5. In $_POST['var2'] field on my websites form to test the difference between strip_tags($_POST['']) and regular unprotected $_POST[''].
6.  
7. That $_POST[''] field together with a couple more feed into a $url variable below:
8.  
9. $url = 'ourwebsite/filecontainingthis$urlvariable.php?VAR1='.strip_tags($_POST['var1'].'&VAR2='.$_POST['var2'].'&VAR3='.strip_tags($_POST['var3']);