Resolved: Filter_sanitize_email?



RonnyNishimoto
07-19-2012, 05:14 AM
I thought "FILTER_SANITIZE_EMAIL" was meant to sanitize the input value for storing (if something looks valid, store it, but clean it up in case a user used a funny format - especially with dates & phone #'s). For instance, if I entered "(example@email.com)" it would return "example@gmail.com".

If this is not what it does, then what does it do?
http://www.w3schools.com/php/php_secure_mail.asp



<?php
// Posted code, reindented and commented; behaviour unchanged except that the
// echoed value is HTML-escaped.
function spamcheck($field) {
    // Strip characters that cannot appear in an email address
    $field = filter_var($field, FILTER_SANITIZE_EMAIL); // What's the point of this line?
    // Check whether what is left is a syntactically valid address
    if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
        return true;
    } else {
        return false;
    }
}

if (isset($_POST['email'])) {
    $mailcheck = spamcheck($_POST['email']);
    if ($mailcheck == false) {
        echo "Invalid Input";
    } else {
        $email = $_POST['email'];
        // Escape before echoing user-supplied data back into the page
        echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
    }
}

MarPlo
07-19-2012, 07:02 AM
Hi,
According to php.net, FILTER_SANITIZE_EMAIL will remove characters that are inappropriate for an email address to contain.
Removes all characters except letters, digits and !#$%&'*+-/=?^_`{|}~@.[] .

RonnyNishimoto
07-19-2012, 08:03 AM
Thank you! I will try it again tomorrow.

Dormilich
07-19-2012, 09:11 AM
Though the question is: if the email address is modified by FILTER_SANITIZE_EMAIL, how do you know whether the now formally valid address actually matches the address the submitting user meant to pass?

RonnyNishimoto
07-19-2012, 10:15 PM
I don't think you could have an email like that. I think the SANITIZE makes sure to allow symbols and characters that might be used. All the other symbols shouldn't be used, and I doubt email providers would allow it. Can you think of a case or symbol which someone might have used legitimately in their email?

Dormilich
07-19-2012, 10:41 PM
Can you think of a case or symbol which someone might have used legitimately in their email?

No, but that's not the issue. The issue is a typo from the submitting user.

RonnyNishimoto
07-19-2012, 10:49 PM
Wouldn't you need two inputs, and then if they are ==, you submit it to the database? I don't quite understand ;)

Dormilich
07-20-2012, 06:09 AM
what if both inputs shared the same typo (say, by copy & paste) ?

RonnyNishimoto
07-20-2012, 07:58 PM
what if both inputs shared the same typo (say, by copy & paste) ?

Then the world would explode!

No, but really, if they entered an invalid character both times, it would produce "Invalid Results." If they typed a valid character both times, but it wasn't their email, I cannot do anything! The email will be sent to the wrong address.

Dormilich
07-20-2012, 08:09 PM
If they typed a valid character both times, but it wasn't their email, I cannot do anything! The email will be sent to the wrong address.

And that's the reason why I wouldn't use FILTER_SANITIZE_EMAIL, only FILTER_VALIDATE_EMAIL. If the email is wrong, tell it to the user.
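
The following is an added example, not code from the thread or from w3schools; it puts MarPlo's description of what FILTER_SANITIZE_EMAIL strips next to Dormilich's objection by running the "sanitize, then validate" check from the first post and a "validate only" check over the same constructed inputs. The function names and the sample inputs are my own; the filter constants are PHP's, and the results assume PHP's documented behaviour that FILTER_SANITIZE_EMAIL drops every character outside the allowed set and FILTER_VALIDATE_EMAIL rejects anything with a stray character or line break.

```php
<?php
// Added example (not from the thread): "sanitize then validate" versus
// "validate only" on the same inputs. Helper names are my own; the
// FILTER_* constants are PHP's.

declare(strict_types=1);

// The approach from the first post: strip disallowed characters, then
// validate whatever is left. Returns the address that would be accepted,
// which may differ from what the user typed, or null if rejected.
function sanitizeThenValidate(string $input): ?string
{
    $cleaned = filter_var($input, FILTER_SANITIZE_EMAIL);
    $valid   = filter_var($cleaned, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Dormilich's suggestion: accept exactly what the user typed, or reject
// it and tell the user. No silent rewriting of the value.
function validateOnly(string $input): ?string
{
    $valid = filter_var($input, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Constructed inputs for the demonstration (not real addresses).
$inputs = [
    'example@email.com',        // well-formed
    '(example@email.com)',      // the case from the first post
    'jane,doe@example.com',     // typo: comma instead of a dot
    "user@example.com\n",       // pasted value with a trailing line break
    'not an email',             // no address at all
];

printf("%-26s | %-22s | %s\n", 'input', 'sanitize+validate', 'validate only');
foreach ($inputs as $in) {
    printf("%-26s | %-22s | %s\n",
        json_encode($in),                          // shows the \n visibly
        sanitizeThenValidate($in) ?? 'rejected',
        validateOnly($in) ?? 'rejected');
}
```

Run it with `php sanitize_vs_validate.php`. The second and third rows are the ones the thread is about: the parenthesised address and the comma typo both come out of the sanitize-then-validate path as accepted addresses that are not what the user typed (the comma case silently becomes a different mailbox), while the validate-only path rejects them so the user can correct the input.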

RonnyNishimoto
07-20-2012, 08:31 PM
Still don't understand, but I will remember to use VALIDATE!

felgall
07-21-2012, 04:13 AM
Validate user input.

Sanitize data read in from other sources to verify that it hasn't had anything that could cause security issues injected into it.