Use Of Filter_Var For Email Address Validation

[Jon]

I'm not sure that using if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) is such a good idea as it allows for example, fred@theshed without any domain qualifiers following, but the preg_match used in PHP 6 and MySQL 5 seems to work well.

 

Or maybe I am missing something ?

[Stuart]

This has been reported as a bug on php.net in the past and I haven't read it fully but detailed somewhere in RFC3696/RFC5322 a domain omitting the TLD is valid as mail() can be used to send local network mail to an email omitting the TLD.

 

Quote from Rasmus on the bug report:

 

Also we do not validate domains, so your 2 examples of invalid TLDs are not relevant.

 

It's something I wasn't aware of so thanks for bringing it up - as this local network issue will never be relevant I may now move to a REGEX method using FILTER_VALIDATE_REGEXP.

 

A regex doesn't stop people putting in fake emails though so you should still send a validation email - but it does catch most typos.