Act as a senior PHP developer with 10+ years of experience in web development. Guide me step-by-step in creating a secure and functional contact form using PHP. Include the following elements: [HTML form structure], [PHP validation for fields like name, email, and message], and [protection against common vulnerabilities like SQL injection and XSS]. Explain how to handle [form submission], [error messages], and [success notifications]. Also, cover optional features like [file uploads] or [CAPTCHA integration]. Provide clean, commented code snippets and best practices for maintaining security and usability.