
FILTER_SANITIZE_EMAIL Or FILTER_VALIDATE_EMAIL To Use ?

Folks,

FILTER_SANITIZE_EMAIL removes all the invalid characters from users input in my form.
FILTER_VALIDATE_EMAIL checks if the user inputted email on my form is valid or not.

I think using just one would do and no need to use both functions when checking for user input on my form. What you say ?
I say this because of this …
Let’s say you trying to submit to me an invalid email and I use FILTER_SANITIZE_EMAIL and remove all the invalid chars. Now whatever is leftover is surely not your email address (just like whatever you tried submitting is also not your email address).
So not good using FILTER_VALIDATE_EMAIL to validate the email.
Eg.
Your email is [email protected].
You deliberately tried submitting invalid and wrong email:
<tracknutt@*tracknutter.com>.
Using FILTER_SANITIZE_EMAIL, I am leftover with:
[email protected]
Now I use FILTER_VALIDATE_EMAIL and it gets validated. But really, is your email:
[email protected]
It is not! And so, now my db is with your wrong email.

Conclusion:
None of the two filters can persuade you to submit your real email.


6 Comments(s)

@developer_web (author) Apr 17.2021 — You know what ?

Change of conclusion now.

Here is why ...

Only time using both filters would be handy is if you mistyped but did not deliberately try submitting false email.

So, if your email is:

[email protected]

And you mistyped an invalid character:

tracknut@tracknut).com

Then using FILTER_SANITIZE_EMAIL, I am leftover with:

[email protected]

Now your real email is leftover. Now I validate it using FILTER_VALIDATE_EMAIL and your real email gets submitted to my db.

Conclusion:

I should still use both filters but FILTER_VALIDATE_EMAIL last.

What you say of my finding ?

EDIT:

Conclusion:

I should still NOT use both filters because FILTER_SANITIZE_EMAIL removed all the invalid chars and the email that is leftover is a valid email anyway. So, no good using the FILTER_VALIDATE_EMAIL here as the leftover email is valid.

What you say of my finding ?

@NogDog Apr 18.2021 — I would not assume anything about a user's email. Assuming the ")" should be deleted instead of replaced with some other character is just a guess, and might end up pointing to someone else's address instead.

Generally, I would just do the "validate", then if okay proceed to doing the old send a confirmation email thing to that address with a confirmation link, etc.
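
An added example, not part of the original thread: a PHP comparison of sanitize-then-validate against validate-only, showing the point in the reply above that sanitizing can turn a mistyped address into a different, valid one. The function names and the sample addresses are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample inputs (illustrative, not taken from the thread).
$samples = [
    'alice@example.com',      // well-formed
    'alice@exam)ple.com',     // stray ")" typed by mistake
    'bob smith@example.com',  // space inside the local part
    '<carol@example.com>',    // angle brackets pasted from a mail client
];

/** Sanitize first, then validate: may return an address the user never typed. */
function sanitizeThenValidate(string $input): ?string
{
    // FILTER_SANITIZE_EMAIL strips every character outside its allowed set.
    $clean = filter_var($input, FILTER_SANITIZE_EMAIL);
    $valid = filter_var($clean, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

/** Validate only: anything that is not already well-formed is rejected. */
function validateOnly(string $input): ?string
{
    // Trimming surrounding whitespace is the only change made to the input.
    $valid = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

foreach ($samples as $input) {
    $a = sanitizeThenValidate($input);
    $b = validateOnly($input);
    // Flag the case that matters: accepted, but not what the user submitted.
    $note = ($a !== null && $a !== $input) ? '  <-- silently rewritten' : '';
    printf(
        "%-24s sanitize+validate: %-22s validate only: %s%s\n",
        $input,
        $a ?? '(rejected)',
        $b ?? '(rejected)',
        $note
    );
}
```

With validate-only, a rejected input goes back to the user to correct, and the confirmation email then proves the accepted address is really theirs.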

@developer_web (author) Apr 21.2021 — @NogDog#1630530

Ok. I used to do this too. Use the Validate over the Sanitize. But if the Sanitize won't come handy because the Validate is doing all the job then why php vendors built the Sanitize ?

I showed you two examples above when Sanitize and when validate become handy. And when one is handy over the other or where one is needed and not the other.

Now it's your turn to show me where the Sanitize will become handy, with or without using the Validate. If it ever becomes handy that is.

@NogDog Apr 21.2021 —

> @developer_web#1630673 Now it's your turn to show me where the Sanitize will become handy

No, it is not. It is your turn to learn what they do, and decide if they meet your specific functional needs in any given situation. PHP has dozens of functions and options (hundreds?) I've never had any reason to use (that I know of).

My suggestion: don't try to learn every single thing in PHP, but instead work at making something, then searching/studying solutions to those specific things you want to do (and never assuming anything you see in a random PHP tutorial is the best way to do it).

@developer_web (author) Apr 22.2021 — @NogDog#1630691

Your suggestion is that, I should never try learning all the functions of php but go for the ones I would need in my projects ? Actually, that is exactly what I have been doing in the past 6 years and that is why I have never managed to learn all the php functions and am still in beginner level (procedural style).

Originally, I searched for a school that would teach me the whole php language but none of them got that in their curriculum. Instead, they just concentrate on php & mysql. You know what I mean.

And so, in 2017, after 2yrs of fruitless chase, I quit trying to learn the whole language and just made blueprints of what I want to build and researched which functions would be needed and went from there.

However, the other night, I thought, I might as well learn the ones tutorials use the most as it is obvious professional programmers use these. In tutorials, I come across VALIDATE_EMAIL on some while SANITIZE_EMAIL on others. Thought since pros use both then might as well design a script to use both. However, in the past, I only designed scripts to use the FILTER_VALIDATE_EMAIL.

While trying to design a script, I realize if I use VALIDATE then SANITIZE is not really needed. But that is my unpro opinion only. That is why I said it is now your turn to show a code sample where both of the functions are needed. Why I asked you this ? Giving you orders to do my job for me ? Hell, no! I don't do that! I will never learn, if I get others to build my scripts.

You see, if you fail to come up with a code sample where both functions are needed then that would confirm to me that using both is not needed. I'm guessing now you have failed to come up with a sample code where both functions are really necessary to use. If I am correct, then that means using both functions side-by-side is not really necessary. So, why didn't I just ask you if using both functions is necessary or not ? Because, I thought you never really bothered to use both and won't know the answer unless you try building a script trying to use both functions. Only then you'd come to some pro conclusion whether using both is necessary or not. Until then, you won't know.

You won't know how deep the rabbit hole is unless you get into it at least once. Was trying to get you into it. ;)

You'd see more clearly how deep it is than me since you got more experiences in looking through holes similar to that. Like Fox holes. Lol! (NogDog chasing foxes right into their holes). Lol! Joke.

I do know that, sometimes the php vendor builds new functions in newer versions of php and deprecates old functions. I believe in this case they forgot to deprecate FILTER_SANITIZE_EMAIL() after they built the FILTER_VALIDATE_EMAIL() or they didn't bother removing it thinking "let them use it, whoever wants to". Most likely the latter is true.

I will now stick to: FILTER_VALIDATE_EMAIL().

And ignore: FILTER_SANITIZE_EMAIL().