Resolved Filter_sanitize_email?



RonnyNishimoto
07-19-2012, 06:14 AM
I thought "FILTER_SANITIZE_EMAIL" was meant to sanitize the input value for storing (if something looks valid, store it, but clean it up in case a user used a funny format - especially with dates & phone #'s). For instance, if I entered "(example@email.com)" it would return "example@gmail.com."

If this is not what it does, then what does it do?
http://www.w3schools.com/php/php_secure_mail.asp



    function spamcheck($field) {
        $field = filter_var($field, FILTER_SANITIZE_EMAIL); // What's the point of this line?
        if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
            return true;
        }
        else {
            return false;
        }
    }
    if (isset($_POST['email'])) {
        $mailcheck = spamcheck($_POST['email']);
        if ($mailcheck == false) {
            echo "Invalid Input";
        }
        else {
            $email = $_POST['email'];
            echo $email;
        }
    }

MarPlo
07-19-2012, 08:02 AM
Hi,
According to php.net, FILTER_SANITIZE_EMAIL will remove characters that are inappropriate for an email address to contain.
Removes all characters except letters, digits and !#$%&'*+-/=?^_`{|}~@.[] .

RonnyNishimoto
07-19-2012, 09:03 AM
Thank you! I will try it again tomorrow.

Dormilich
07-19-2012, 10:11 AM
though the question is, if the email address is modified by FILTER_SANITIZE_EMAIL, how do you know if the now formally valid address actually matches the address the submitting user meant to pass?

RonnyNishimoto
07-19-2012, 11:15 PM
I don't think you could have an email like that. I think the SANITIZE makes sure to allow symbols and characters that might be used. All the other symbols shouldn't be used and I doubt email providers would allow it. Can you think of a case or symbol in which someone might have used legitimately in their email?

Dormilich
07-19-2012, 11:41 PM
> Can you think of a case or symbol in which someone might have used legitimately in their email?

no, but that's not the issue. the issue is a typo from the submitting user.

RonnyNishimoto
07-19-2012, 11:49 PM
Wouldn't you need two inputs, and then if they are ==, you submit it to the database? I don't quite understand ;)

Dormilich
07-20-2012, 07:09 AM
what if both inputs shared the same typo (say, by copy & paste) ?

RonnyNishimoto
07-20-2012, 08:58 PM
> what if both inputs shared the same typo (say, by copy & paste) ?

Then the world would explode!

No, but really if they entered an invalid character both times, it would produce "Invalid Results." If they typed a valid character both times, but it wasn't their email, I cannot do anything! The email will be sent to the wrong email.

Dormilich
07-20-2012, 09:09 PM
> If they typed a valid character both times, but it wasn't their email, I cannot do anything! The email will be sent to the wrong email.

and that's the reason why I wouldn't use FILTER_SANITIZE_EMAIL, only FILTER_VALIDATE_EMAIL. if the email is wrong, tell it to the user.

RonnyNishimoto
07-20-2012, 09:31 PM
Still don't understand, but I will remember to use VALIDATE!

felgall
07-21-2012, 05:13 AM
Validate user input.

Sanitize data read in from other sources to verify that it hasn't had anything that could cause security issues injected into it.
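
The difference discussed in this thread, as an added example that is not part of any post above: it compares the sanitize-then-validate pattern from spamcheck() with validating the submitted value as-is, and shows when the stored address would no longer be what the user typed. The function name checkEmail() and the sample inputs are constructed for this illustration.

```php
<?php
// Added illustration; checkEmail() and the sample inputs are constructed.

/**
 * Report how one submitted value fares under both approaches:
 * sanitize-then-validate (the spamcheck() pattern) and validate-only.
 */
function checkEmail(string $raw): array
{
    $sanitized = filter_var($raw, FILTER_SANITIZE_EMAIL);

    return [
        'sanitized'       => $sanitized,
        // True when sanitizing silently altered the user's input.
        'changed'         => $sanitized !== $raw,
        // What spamcheck() tests: the cleaned-up copy.
        'sanitized_valid' => filter_var($sanitized, FILTER_VALIDATE_EMAIL) !== false,
        // Validate-only: the value exactly as submitted.
        'raw_valid'       => filter_var($raw, FILTER_VALIDATE_EMAIL) !== false,
    ];
}

// Constructed sample inputs: one clean address, three with stray characters.
$samples = [
    'example@email.com',
    '(example@email.com)',
    'exa mple@email.com',
    '<b>example@email.com',
];

foreach ($samples as $input) {
    $r = checkEmail($input);
    printf(
        "%-22s sanitized=%-20s changed=%-5s sanitize+validate=%-5s validate-only=%s\n",
        $input,
        $r['sanitized'],
        var_export($r['changed'], true),
        var_export($r['sanitized_valid'], true),
        var_export($r['raw_valid'], true)
    );

    // Validate-only handling: accept the value untouched, or ask the user
    // to correct it. Never store a value that differs from what was checked.
    if (!$r['raw_valid']) {
        echo "  -> reject and ask the user to re-enter the address\n";
    }
}
```

Note that spamcheck() validates the sanitized copy but the calling code then uses the original `$_POST['email']`, so the value that gets echoed is not the value that was checked; validating the raw input and using that same value avoids the mismatch.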


