Jon Posted August 16, 2011 Share Posted August 16, 2011 I'm not sure that using if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) is such a good idea as it allows for example, fred@theshed without any domain qualifiers following, but the preg_match used in PHP 6 and MySQL 5 seems to work well. Or maybe I am missing something ? Link to comment Share on other sites More sharing options...
Stuart Posted August 16, 2011 Share Posted August 16, 2011 This has been reported as a bug on php.net in the past and I haven't read it fully but detailed somewhere in RFC3696/RFC5322 a domain omitting the TLD is valid as mail() can be used to send local network mail to an email omitting the TLD. Quote from Rasmus on the bug report: Also we do not validate domains, so your 2 examples of invalid TLDs are not relevant. It's something I wasn't aware of so thanks for bringing it up - as this local network issue will never be relevant I may now move to a REGEX method using FILTER_VALIDATE_REGEXP. A regex doesn't stop people putting in fake emails though so you should still send a validation email - but it does catch most typos. Link to comment Share on other sites More sharing options...
Recommended Posts