Why does PHP filter_var say that this is a valid email address?

2

10

I use the filter_var PHP function to validate the email address when a user signs up to my site.

I use this code from the post:

$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);

Then later I do:

if(!$email) {
  // return to the form 
}
else {
  // send registration info
}

Now when I var_dump($email), I get the output:

string(23) "user."name"@example.com"

I would like to know why this does not return false. I think the double quotes are not acceptable, so why does PHP say it’s valid?

Wesleyanism answered 18/12, 2011 at 16:22 Comment(0)
15

It is a valid email address:

A quoted string may exist as a dot separated entity within the local-part or it may exist when the outermost quotes are the outermost chars of the local-part (e.g. abc."defghi".xyz@example.com or "abcdefghixyz"@example.com are allowed. abc"defghi"xyz@example.com is not; neither is abc\"def\"ghi@example.com).

Ordway answered 18/12, 2011 at 16:33 Comment(2)
Thanks for the info, I think it's ridiculous they allow such chars - Wesleyanism
@Wesleyanism Not everyone speaks and writes English. Double quotes are often used for characters from other languages. Not so ridiculous now, eh? - Speroni
11

I had the same problem (see Dalmas on why it's valid) and here's how I fixed it:

filter_var($email, FILTER_SANITIZE_EMAIL);

e.g.:

$email = 'user."name"@example.com';
$email = filter_var($email, FILTER_SANITIZE_EMAIL);

will output:

string(21) "user.name@example.com"

Then you can validate the email using your validation.

You can get more information on the PHP site.

Infallible answered 18/12, 2011 at 16:35 Comment(1)
Thanks for this answer, I was wondering how I can fix it. My problem is to understand why they allow it, which I think is ridiculous. Thanks for the solution - Wesleyanism
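
An alternative to rewriting the input, as an added example that is not part of the original answers: keep FILTER_VALIDATE_EMAIL and reject quoted local parts under a site policy, so the stored address is always exactly what the user typed. The function name accept_signup_email and the no-quotes policy are assumptions; the loop also prints the FILTER_SANITIZE_EMAIL result so you can see where it becomes a different address from the one submitted.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example, not from the original answers).
 * Returns the address unchanged if it passes FILTER_VALIDATE_EMAIL and the
 * site's stricter policy; returns null otherwise. The input is never rewritten.
 */
function accept_signup_email(string $input): ?string
{
    $email = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null; // not a syntactically valid address
    }

    // Split at the last "@": a quoted local part may itself contain "@".
    $at    = strrpos($email, '@');
    $local = substr($email, 0, $at);

    // Site policy (assumption): refuse quoted strings and backslash escapes
    // in the local part even though the address syntax allows them.
    if (strpbrk($local, "\"\\") !== false) {
        return null;
    }
    return $email;
}

// Constructed sample inputs.
$samples = [
    'user.name@example.com',
    'user."name"@example.com',
    '"abcdefghixyz"@example.com',
    'not-an-address',
];

foreach ($samples as $raw) {
    $accepted  = accept_signup_email($raw);
    $sanitized = filter_var($raw, FILTER_SANITIZE_EMAIL);
    printf(
        "%-28s accepted=%-24s sanitized=%s%s\n",
        $raw,
        $accepted ?? '(rejected)',
        $sanitized,
        $sanitized !== $raw ? '  <- differs from what the user typed' : ''
    );
}
```

Rejecting and asking the user to re-enter avoids sending registration mail to a mailbox the user never typed, which is what happens when a sanitized string is validated and stored in place of the original.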
