I have researched email validation and, as well as preg_match, I have seen the above. I have found several methods of implementation:

if (!filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL)) {
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
and various permutations of the two.

Should I be using this method as opposed to preg_match? Are there benefits of one particular method over others, apart from the obviously simpler syntax? When considering values received by form input, is filter_input better than filter_var, and is INPUT_POST, "email" preferred to $_POST['email'], and why?

Thanks guys

Unless your preg_match is… obscenely complicated, it probably doesn't do as much as the filter does?

1 Like

Because filter_input can return three different values (the valid value, false, or null), two or all three of which could evaluate as not (!) true, and hides simple typo programming mistakes, it should be avoided in most cases since it would take more code to properly use the result.

Filter_var is better (only has two return values - the valid value or false), especially since you should be trimming and performing any ‘required’ validation prior to doing any email format validation.

1 Like

Thanks for info. Just one thing confused me -

the email format validation IS the required validation, I understand the trim requirement but I don’t understand the differentiation you make between ‘required’ and email validation. I assumed email validation would help prevent any injection as does hashing a password . . . ?

If you’re going to require that people’s emails end in, it’s quicker and less processing effort to check THAT before sticking the input through a complex filter to determine if it's a valid email.

Got it ! - cheers

FYI the reason for hashing passwords is not injection. Passwords are hashed to prevent having the actual passwords of users in a database, which would be very bad if someone ever got their hands on it. More so since people tend to use one password everywhere. They shouldn’t, but they do.

Sorry, misunderstanding here :grinning: But thanks for the feedback. I am aware of the primary reason for hashing a password. But I understand a spin-off of this is that it also prevents injection because any code would be rendered meaningless.
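The order of checks recommended earlier in the thread (trim, then the 'required' check, then filter_var), as an added example that is not code from any poster; validate_email_field() is a hypothetical helper name and the sample submissions are constructed. The last sample has a single quote in its local part, which FILTER_VALIDATE_EMAIL accepts, so a validated address still has to be passed to the database as a bound parameter.

```php
<?php
declare(strict_types=1);

/**
 * Validate one e-mail field from a submitted form (added example).
 * Returns ['ok' => bool, 'value' => ?string, 'error' => ?string].
 * validate_email_field() is a hypothetical helper name.
 */
function validate_email_field(array $post, string $key): array
{
    // A missing or non-string field is a programming or tampering problem,
    // not a format error. filter_input() reports "not set" as null, which a
    // bare !-negation cannot tell apart from false (invalid format).
    if (!array_key_exists($key, $post) || !is_string($post[$key])) {
        return ['ok' => false, 'value' => null, 'error' => 'missing'];
    }

    $value = trim($post[$key]);

    // 'Required' check first: cheap, and it gets its own error code.
    if ($value === '') {
        return ['ok' => false, 'value' => null, 'error' => 'required'];
    }

    // filter_var() returns the filtered string on success, false on failure.
    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'value' => null, 'error' => 'format'];
    }

    return ['ok' => true, 'value' => $value, 'error' => null];
}

// Constructed sample submissions, standing in for $_POST.
$samples = [
    ['email' => '  alice@example.com '],  // surrounding whitespace
    ['email' => '   '],                   // whitespace only
    ['email' => 'not-an-address'],        // no @ or domain
    ['emial' => 'bob@example.com'],       // misspelled field name
    ['email' => ['a@example.com']],       // array submitted instead of a string
    ['email' => "o'brien@example.com"],   // single quote in the local part
];

foreach ($samples as $post) {
    $r = validate_email_field($post, 'email');
    $outcome = $r['ok'] ? ('ok ' . $r['value']) : ('error: ' . $r['error']);
    echo json_encode($post), ' => ', $outcome, PHP_EOL;
}
```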