  1. #1
    New Coder
    Join Date
    Jul 2012
    Posts
    85
    Thanks
    53
    Thanked 0 Times in 0 Posts

    Filter_sanitize_email?

    I thought "FILTER_SANITIZE_EMAIL" was meant to sanitize the input value for storing (if something looks valid, store it, but clean it up in case a user used a funny format - especially with dates & phone #'s). For instance, if I entered "(example@email.com)" it would return "example@gmail.com."

    If this is not what it does, then what does it do?
    http://www.w3schools.com/php/php_secure_mail.asp

    PHP Code:
    function spamcheck($field) {
        $field = filter_var($field, FILTER_SANITIZE_EMAIL); // What's the point of this line?
        if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
            return true;
        }
        else {
            return false;
        }
    }
    if (isset($_POST['email'])) {
        $mailcheck = spamcheck($_POST['email']);
        if ($mailcheck == false) {
            echo "Invalid Input";
        }
        else {
            $email = $_POST['email'];
            echo $email;
        }
    }

    Last edited by RonnyNishimoto; 07-20-2012 at 08:59 PM.

  • #2
    Regular Coder
    Join Date
    Mar 2011
    Posts
    148
    Thanks
    0
    Thanked 20 Times in 20 Posts
    Hi,
    According to php.net, FILTER_SANITIZE_EMAIL will remove characters that are inappropriate for an email address to contain.
    Removes all characters except letters, digits and !#$%&'*+-/=?^_`{|}~@.[] .

  • Users who have thanked MarPlo for this post:

    RonnyNishimoto (07-19-2012)

  • #3
    New Coder
    Join Date
    Jul 2012
    Posts
    85
    Thanks
    53
    Thanked 0 Times in 0 Posts
    Thank you! I will try it again tomorrow.

  • #4
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,474
    Thanks
    13
    Thanked 361 Times in 357 Posts
    though the question is, if the email address is modified by FILTER_SANITIZE_EMAIL, how do you know if the now formally valid address actually matches the address the submitting user meant to pass?
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #5
    New Coder
    Join Date
    Jul 2012
    Posts
    85
    Thanks
    53
    Thanked 0 Times in 0 Posts
    I don't think you could have an email like that. I think the SANITIZE makes sure to allow symbols and characters that might be used. All the other symbols shouldn't be used and I doubt email providers would allow it. Can you think of a case or symbol in which someone might have used legitimately in their email?

  • #6
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,474
    Thanks
    13
    Thanked 361 Times in 357 Posts
    Quote Originally Posted by RonnyNishimoto View Post
    Can you think of a case or symbol in which someone might have used legitimately in their email?
    no, but that’s not the issue. the issue is a typo from the submitting user.

  • #7
    New Coder
    Join Date
    Jul 2012
    Posts
    85
    Thanks
    53
    Thanked 0 Times in 0 Posts
    Wouldn't you need two inputs, and then if they are ==, you submit it to the database? I don't quite understand

  • #8
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,474
    Thanks
    13
    Thanked 361 Times in 357 Posts
    what if both inputs shared the same typo (say, by copy & paste) ?

  • #9
    New Coder
    Join Date
    Jul 2012
    Posts
    85
    Thanks
    53
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Dormilich View Post
    what if both inputs shared the same typo (say, by copy & paste) ?
    Then the world would explode!

    No, but really if they entered an invalid character both times, it would produce "Invalid Results." If they typed a valid character both times, but it wasn't their email, I cannot do anything! The email will be sent to the wrong email.

  • #10
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,474
    Thanks
    13
    Thanked 361 Times in 357 Posts
    Quote Originally Posted by RonnyNishimoto View Post
    If they typed a valid character both times, but it wasn't their email, I cannot do anything! The email will be sent to the wrong email.
    and that’s the reason why I wouldn’t use FILTER_SANITIZE_EMAIL, only FILTER_VALIDATE_EMAIL. if the email is wrong, tell it to the user.

  • Users who have thanked Dormilich for this post:

    RonnyNishimoto (07-20-2012)

  • #11
    New Coder
    Join Date
    Jul 2012
    Posts
    85
    Thanks
    53
    Thanked 0 Times in 0 Posts
    Still don't understand, but I will remember to use VALIDATE!

  • #12
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,642
    Thanks
    0
    Thanked 649 Times in 639 Posts
    Validate user input.

    Sanitize data read in from other sources to verify that it hasn't had anything that could cause security issues injected into it.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.
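
    Added example (not code from any poster in this thread): it runs a few constructed inputs through both filters to show the case discussed above, where an input that is not a valid address becomes a different, valid-looking one after sanitizing, next to a validate-only check that rejects it instead. `accept_email()` is a hypothetical helper name; note that the code in the first post validates the sanitized copy but then echoes the raw `$_POST['email']`.

```php
<?php
// Constructed sample inputs (not taken from the thread).
$samples = [
    'example@email.com',          // plain address
    '(example@email.com)',        // parentheses are outside the allowed set
    'exam ple@email.com',         // stray space
    'example@email.com<script>',  // markup appended to an address
    'example@@email.com',         // doubled @, which is in the allowed set
];

/**
 * Validate-only check, as recommended in post #10: accept the address
 * exactly as submitted or reject it; never rewrite it silently.
 * Returns the address on success, null on failure.
 */
function accept_email(string $raw): ?string
{
    $valid = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

foreach ($samples as $raw) {
    $sanitized   = filter_var($raw, FILTER_SANITIZE_EMAIL);
    $rawOk       = filter_var($raw, FILTER_VALIDATE_EMAIL) !== false;
    $sanitizedOk = filter_var($sanitized, FILTER_VALIDATE_EMAIL) !== false;

    // The case raised in the thread: the input itself is not a valid
    // address, but its sanitized copy is, so spamcheck() returns true.
    $rewritten = !$rawOk && $sanitizedOk;

    printf(
        "%-28s sanitized=%-24s raw_valid=%-5s sanitized_valid=%-5s %s\n",
        $raw,
        $sanitized,
        var_export($rawOk, true),
        var_export($sanitizedOk, true),
        $rewritten ? '<- passes only after being rewritten' : ''
    );

    $accepted = accept_email($raw);
    if ($accepted === null) {
        echo "  rejected: ask the user to correct the address\n";
    } else {
        // A validated address is still untrusted text: escape it on output.
        echo '  accepted: ', htmlspecialchars($accepted, ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```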

