Is PHP confused about FILTER_VALIDATE_EMAIL?

This site is best viewed in a modern browser with JavaScript enabled.

Is PHP confused about FILTER_VALIDATE_EMAIL?

phantom007

Please consider the following code:

var_dump(filter_var('a=b@test.com',  FILTER_VALIDATE_EMAIL));

Ideally the above email should be invalid and var_dump should return false but the strange thing is when u run this code on the following sites they return non similar results, can anyone tell me whats going on?

Site: http://codepad.org/MtDCoxxZ
Output: false

Site: http://writecodeonline.com/php/
Output: True

denbrian

I need more details about you topics, can you send me?

http://www.mediaidentity.co.uk/

NogDog

What makes you think it's an invalid email address? (You might be surprised what the standard actually allows, though 99.9% or more of in-use email addresses only use a fairly small sub-set of what is allowed.)

Using one regexp that claims to be RFC-compliant:

<?php

$regex = '#(?:[a-z0-9!\#$%&\'*+/=?^_`{|}~-]+(?:\.[a-z0-9!\#$%&\'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])#';

$test = preg_match($regex, "a=b@foo.com");
var_dump($test); // (int) 1

The_Alchemist

Try using this :

$pattern = '/[^\pL\pN!#$%&\'\*\+\-\/\=\?\^\_`\{\|\}\~\@\.\[\]]/u';
$email = preg_replace($pattern, '', 'some@email.com');

I've tested it.

phantom007

The Alchemist;1283799 wrote:
Try using this :
$pattern = '/[^\pL\pN!#$%&\'\*\+\-\/\=\?\^\_`\{\|\}\~\@\.\[\]]/u';
$email = preg_replace($pattern, '', 'some@email.com');
I've tested it.

Thanks but what will it do?

The_Alchemist

You said you're having issues with filter_var() so, here's something that'll do the work.

NogDog

It also depends on why you want to filter_var() it in the first place. Syntax checking is often of limited value (at best). If the user enters a syntactically correct email address which is misspelled, it's not of much use. If you reject a valid email address because your regular expression rejects certain edge cases that are, in fact, valid, it's not only of limited use but can actually lose business for you.

This is probably why most site registrations just take whatever the user gives them (often using the enter-it-twice method) and sends an email with a custom link to validate the registration. In other words, the only way to truly know if an email address is completely correct is to use it.