Menu
$str = '"mynam@blabl"@domanin.com';
filter_var($str, FILTER_VALIDATE_EMAIL);//return valid email.
the above email returns true... Fair enough that RFC 2822 says it's a legal email address.
my question is if you validate an email using the above could an email carry sql injections that can harm the db even though you have filtered it with filter_var?
241
my question is if you validate an email using the above could an email carry sql injections that can harm the db even though you have filtered it with filter_var?
filter_var is not a replacement for database specific sanitation like mysql_real_escape_string()! One needs to always apply that, too.
166
Yes - do not rely on anything besides the database specific escaping mechanism for safety from SQL injection.
Always use mysql_real_escape_string() on it before using it in SQL.
27
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
