Comment on My PHP/ MySQL Restaurant Reservation Form by arbitrary username.
I know this is an old script, but its method of generating email and SQL queries is naive, unsafe and should be avoided at all costs.
strip_tags will not protect you. In some cases it won’t even properly strip HTML tags. Prepared statements should be used for SQL queries – this code doesn’t adequately protect against SQL injection, header injection, or really anything. Please, never use this code in production, and never post it to forums where people know better.
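
An added illustration of the points raised in the comment above; it is not code from the original script or from the commenter. It shows that strip_tags leaves quotes and CR/LF in place, then stores a reservation with a prepared statement and rejects e-mail values that could inject mail headers. The `reservations` table, the function names and the sample inputs are constructed for this example, and in-memory SQLite (via PDO) stands in for MySQL so it runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample form input (not taken from the original script).
$rawName  = "<b>O'Brien</b>";
$rawEmail = "guest@example.com\r\nBcc: other@example.net";

// strip_tags() removes markup only; the quote and the CR/LF are still there.
$name  = strip_tags($rawName);
$email = strip_tags($rawEmail);
var_dump(strpos($name, "'") !== false, strpos($email, "\r\n") !== false);

// Hypothetical helper: accept only a single, syntactically valid address.
function clean_email(string $value): ?string
{
    if (preg_match('/[\r\n]/', $value)) {
        return null; // line breaks would start a new mail header
    }
    $ok = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

// Assumption: SQLite in memory replaces the MySQL database of the script.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE reservations (name TEXT, email TEXT, party_size INTEGER)');

// Hypothetical helper: validate, then insert through bound placeholders.
function save_reservation(PDO $pdo, string $name, string $email, int $size): bool
{
    $addr = clean_email($email);
    if ($addr === null || $size < 1) {
        return false;
    }
    // Values travel separately from the SQL text, so a quote stays data.
    $stmt = $pdo->prepare(
        'INSERT INTO reservations (name, email, party_size) VALUES (?, ?, ?)'
    );
    return $stmt->execute([$name, $addr, $size]);
}

// First call carries the CR/LF value, second call a clean address.
var_dump(save_reservation($pdo, $name, $email, 4));
var_dump(save_reservation($pdo, $name, 'guest@example.com', 4));

// Rows actually stored, with the name kept verbatim.
var_dump($pdo->query('SELECT name, email FROM reservations')->fetchAll(PDO::FETCH_ASSOC));
```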