Ok, what I have done now was to create a function that checks for injected content by looking for /r and /n in passed variables. If found, I clear the variable. The function returns back the variable.

Therefore if anything has been injected into any of the fields that will be used in the mail function they will cause the form to fail and complain that nothing was entered into those form fields.

Please try it out if you have the chance. The only field I'm not checking is the message body, but I haven't been able to exploit it with this method.