Folks,
FILTER_SANITIZE_EMAIL removes all the invalid characters from the user's input in my form.
FILTER_VALIDATE_EMAIL checks if the user-inputted email on my form is valid or not.
I think using just one would do and there is no need to use both functions when checking for user input on my form. What do you say?
I say this because of this …
Let’s say you are trying to submit to me an invalid email and I use FILTER_SANITIZE_EMAIL and remove all the invalid chars. Now whatever is left over is surely not your email address (just like whatever you tried submitting is also not your email address).
So it is not good using FILTER_VALIDATE_EMAIL to validate the email.
E.g.
Your email is
You deliberately tried submitting invalid and wrong email:
<tracknutt@*tracknutter.com>.
Using FILTER_SANITIZE_EMAIL, I am left with:
Now I use FILTER_VALIDATE_EMAIL and it gets validated. But really, is your email:
It is not! And so, now my db is with your wrong email.
Conclusion:
Neither of the two filters can persuade you to submit your real email.
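
The sanitize-then-validate sequence discussed in the post above, as an added example that is not part of the original post. The helper name `check_submitted_email` and the sample inputs are constructed for illustration. It validates the input exactly as submitted and uses the sanitizer only to detect that something would have been stripped, so an altered address such as `john(doe)@example.com` (which sanitizes to a different, valid-looking address) is rejected instead of stored.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from the post): accept an address only if it is
 * valid exactly as submitted. The sanitizer is used to detect alteration,
 * never to "repair" the input before storing it.
 */
function check_submitted_email(string $raw): array
{
    $raw = trim($raw);

    // What FILTER_SANITIZE_EMAIL would leave behind after stripping characters.
    $sanitized = (string) filter_var($raw, FILTER_SANITIZE_EMAIL);

    // Validation of the untouched input versus validation of the stripped input.
    $rawValid       = filter_var($raw, FILTER_VALIDATE_EMAIL) !== false;
    $sanitizedValid = filter_var($sanitized, FILTER_VALIDATE_EMAIL) !== false;

    return [
        'input'                  => $raw,
        'sanitized'              => $sanitized,
        'altered'                => $sanitized !== $raw,
        'sanitize_then_validate' => $sanitizedValid, // the risky sequence
        'accept'                 => $rawValid,       // decision on raw input only
    ];
}

// Constructed sample inputs, not taken from the post.
$samples = [
    'alice@example.com',      // well-formed as submitted
    'john(doe)@example.com',  // parentheses are stripped by the sanitizer
    'bob@@example.com',       // nothing is stripped, still malformed
];

foreach ($samples as $sample) {
    $r = check_submitted_email($sample);
    printf(
        "%-24s sanitized=%-22s altered=%-5s sanitize+validate=%-5s accept=%s\n",
        $r['input'],
        $r['sanitized'],
        var_export($r['altered'], true),
        var_export($r['sanitize_then_validate'], true),
        var_export($r['accept'], true)
    );
}
```

A row where `altered` and `sanitize_then_validate` are both true while `accept` is false marks the case the post worries about: the stored value would differ from what the user typed.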