Validating email addresses

Question

I'm going back over a project and tidying up some of the validation bits and usually I would use a regex check to validate that an email is correct, then I came across: https://www.php.net/manual/en/function.filter-var.php

Now I have tried a couple of tests and I am not getting the results I expected.

$email_b = 'bog^us@gmail.com';
var_dump(filter_var($email_b, FILTER_SANITIZE_EMAIL));

which returns:

string(16) "bog^us@gmail.com" 

but to me that's not sanitized and then when I try

if (filter_var($email_b, FILTER_VALIDATE_EMAIL)) {
    echo "This (email_b) email address is considered valid.";
}

Which again I would say isn't a valid email address.

Am I missing something here?

Answer 1

Yes, you are missing something. bog^us@gmail.com is a valid email address, so your tests are returning a correct result. See this article for a quick run down on what characters are valid in an email address.

http://en.wikipedia.org/wiki/Email_address

In the local part of the email address (the bit before the @) the following characters are legal:-

• Uppercase and lowercase English letters (a–z, A–Z) (ASCII: 65–90, 97–122)
• Digits 0 to 9 (ASCII: 48–57)
• Characters !#$%&'*+-/=?^_`{|}~ (ASCII: 33, 35–39, 42, 43, 45, 47, 61, 63, 94–96, 123–126)

Plus some others with restrictions as dtailed in the linked article.

The article has examples of invalid addresses for you to use in your tests. Such as:-

• Abc.example.com (an @ character must separate the local and domain parts)
• Abc.@example.com (character dot(.) is last in local part)
• Abc..123@example.com (character dot(.) is double)