Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why does PHP filter_var say that this is a valid email address?

I use the filter_var PHP function to validate email address when a user signs up to my site.

I use this code from the post:

$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);

then later I do:

if(!$email) {
  // return to the form 
}
else {
  // send registration info
}

now when I var_dump($email), I get the output:

string(23) "user."name"@example.com"

I would like to know why this does not return false. I think the double quotes are not acceptable, so why does PHP say it’s valid?

like image 951
fred Avatar asked Dec 18 '11 16:12

fred


2 Answers

It is a valid email address :

A quoted string may exist as a dot separated entity within the local-part or it may exist when the outermost quotes are the outermost chars of the local-part (e.g. abc."defghi"[email protected] or "abcdefghixyz"@example.com are allowed. abc"defghi"[email protected] is not; neither is abc\"def\"[email protected]).

like image 108
Dalmas Avatar answered Nov 11 '22 23:11

Dalmas


I had the same problem (see Dalmas on why it's valid) and here's how I fixed it:

filter_var($email, FILTER_SANITIZE_EMAIL);

eg:

$email = 'user."name"@example.com';
$email = filter_var($email, FILTER_SANITIZE_EMAIL);

will output:

string(21) "[email protected]"

Then you can validate the email using your validation.

you can get more information on the php site

like image 35
Book Of Zeus Avatar answered Nov 11 '22 22:11

Book Of Zeus