
I'm trying to figure out why my sanitize filter doesn't work. When entering an email with incorrect characters, it displays the email with incorrect characters. I would have thought it would strip out the incorrect characters and only display the correct email address. Below is my code. What am I doing wrong?

<?php
if (filter_has_var(INPUT_POST, 'data')) {
    $email = $_POST['data'];

    // Now remove illegal characters
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    echo $email;
}
?>

<!-- PHP_SELF reflects the request path, so it is escaped before being placed in the attribute -->
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
  <input type="text" name="data">
  <button type="submit">Submit</button>
</form>
  • What is the sample input and what output do you get? Commented Jun 30, 2018 at 13:47
  • Let's say I enter jp)(*&@gmail)**&.com I'm expecting the sanitize filter to strip out the incorrect characters and to give me [email protected] Commented Jun 30, 2018 at 13:48
  • Parentheses are not allowed as part of a host or username but * is totally fine according to related RFC. Commented Jun 30, 2018 at 13:51

4 Answers

4

To me it seems to be working. I would however not want to store a different email than the exact input. If the incoming email address is incorrect I would return an error message asking the user for a real email address:

if (filter_has_var(INPUT_POST, 'data')) {
  $email = trim($_POST['data']);
  $sanitized = filter_var($email, FILTER_SANITIZE_EMAIL);
  // Escape before echoing: the invalid branch would otherwise reflect raw user input into the page
  $shown = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
  if ($email === $sanitized && filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "This is a valid email: " . $shown;
  } else {
    echo "This is an invalid email: " . $shown;
  }
}

3 Comments

I'm doing a test. I want to test out how the sanitization filter works. Currently it's not doing what it's supposed to do - sanitizing the email.
Interesting - When I do a search for filter_sanitize_email on php.net I get a message that says filter_sanitize_email does not exist. Is this filter maybe deprecated?
It seems to me that FILTER_SANITIZE_EMAIL is not as strict as one intuitively might like. It does for instance remove ( and / but not #. However, I don't think it is meant to generate a "good-to-go" email address. One needs to use FILTER_VALIDATE_EMAIL afterwards to check if the address truly is acceptable. :) (I don't think it has been deprecated. Look up this page php.net/manual/en/filter.filters.sanitize.php .)
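The following is an added example, not code from the question or from any answer above. It runs the inputs discussed on this page (plus a few constructed ones) through FILTER_SANITIZE_EMAIL and FILTER_VALIDATE_EMAIL side by side, and wraps the "compare the sanitized copy with the input, then validate" approach from this answer in a function. The function name accept_email and the sample addresses are assumptions made for the demo; the local part in the "(comment)" sample is constructed because the page does not show the original.

```php
<?php
// Added example (not from the question or any answer on this page).
// Shows what FILTER_SANITIZE_EMAIL keeps and why it must be paired with
// FILTER_VALIDATE_EMAIL. All sample inputs below are constructed.
declare(strict_types=1);

/**
 * Returns the address exactly as typed if it is acceptable, otherwise null.
 * The sanitized copy is only used as a tripwire: if it differs from the
 * input, the user sent characters we do not want to silently drop.
 */
function accept_email(string $raw): ?string
{
    $email = trim($raw);
    $sanitized = filter_var($email, FILTER_SANITIZE_EMAIL);
    if ($sanitized !== $email) {
        return null;               // something was stripped: reject, do not "repair"
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) === false ? null : $email;
}

$samples = [
    'jp)(*&@gmail)**&.com',       // the question's input: ( and ) are removed, * and & are kept
    '(comment)john@example.com',  // constructed; parentheses stripped, result validates
    'sarah{[@gmail}{[.com',       // { [ } are in the kept set and survive untouched
    'j.p@example.com',            // clean address, passes both steps
    "  j.p@example.com\n",        // surrounding whitespace: trim() handles it, the filter does not
];

foreach ($samples as $raw) {
    $sanitized = filter_var($raw, FILTER_SANITIZE_EMAIL);
    $valid     = filter_var($sanitized, FILTER_VALIDATE_EMAIL) !== false;
    printf(
        "%-30s sanitize=> %-26s valid?=%-3s accept_email=> %s\n",
        json_encode($raw),
        $sanitized,
        $valid ? 'yes' : 'no',
        accept_email($raw) ?? 'REJECT'
    );
}
```

Running this shows the point made in the comments: the sanitize filter only removes characters outside its allowed set (letters, digits and !#$%&'*+-=?^_`{|}~@.[]), so "jp)(*&@gmail)**&.com" becomes "jp*&@gmail**&.com", which still fails validation, while "sarah{[@gmail}{[.com" is not changed at all. Rejecting any input whose sanitized copy differs, rather than storing the sanitized copy, avoids accepting an address the user never typed.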
0

I don't know if this is exactly what you're looking for but just give it a try.

<?php
function filter_mail($string) {
   // Keep only letters, digits, '.', '@' and '-'; everything else is removed.
   // Note that this also drops characters that are legal in addresses, such as '_' and '+'.
   return preg_replace('/[^A-Za-z0-9.@\-]/', '', $string);
}
$mail = "jp)(*&@gmail)**&.com";
echo filter_mail($mail); // This will output the desired email
echo "<br>";
echo $mail; // This is how it was
?>


0

It seems like only certain types of characters can get sanitized. For instance here are examples of wrong emails that will get sanitized:

(comment)[email protected] - After sanitization: [email protected]
"much.more unusual"@example.com - After sanitization: [email protected]

But these for instance will not get sanitized:

sarah{[@gmail}{[.com - After sanitization: sarah{[@gmail}{[.com
jp*&@gmail**&.com - After sanitization: jp*&@gmail**&.com


0

This may help; after sanitizing, we need to check whether it is a valid email:

<?php
if (filter_has_var(INPUT_POST, 'data')) {
    // Lowercase local part and domain, TLD of 2-3 letters
    $regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';

    $email = $_POST['data'];
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);

    if (preg_match($regex, $email)) {
        echo $email;
    } else {
        echo "invalid email";
    }
}
?>

1 Comment

But that's the point - the filter_sanitize_email does not sanitize. I'm trying to test that.
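As an added example (not code from any answer on this page), the block below runs the regex from the last answer and PHP's built-in FILTER_VALIDATE_EMAIL over the same constructed inputs, so the difference between the two checks is visible, and then adds the output-escaping step none of the answers show. The constant ANSWER_REGEX and the helper names are assumptions made for this demo.

```php
<?php
// Added example (not from any answer on this page): compares the hand-written
// regex from the last answer with PHP's own validator, then shows the output
// step the answers leave out. All inputs are constructed.
declare(strict_types=1);

// Same pattern as the answer above: lowercase only, TLD of 2-3 letters.
const ANSWER_REGEX = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';

function regex_says_valid(string $email): bool
{
    return preg_match(ANSWER_REGEX, $email) === 1;
}

function php_says_valid(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

$cases = [
    'jp*&@gmail**&.com',      // the question's input after sanitizing: both reject
    'jane.doe@example.com',   // plain address: both accept
    'Jane.Doe@Example.COM',   // regex has no /i flag, so it rejects a valid address
    'curator@example.museum', // TLD longer than 3 letters: regex rejects
    'user+tag@example.org',   // '+' is legal in the local part: regex rejects
];

foreach ($cases as $email) {
    printf(
        "%-26s regex=%-3s filter_var=%s\n",
        $email,
        regex_says_valid($email) ? 'ok' : 'NO',
        php_says_valid($email) ? 'ok' : 'NO'
    );
}

// Whichever validator is used, a value echoed back into HTML must be escaped.
// FILTER_SANITIZE_EMAIL happens to strip < and >, but that is a side effect
// of its character set, not an output-encoding guarantee.
function render_result(string $raw): string
{
    $email = trim($raw);
    if (!php_says_valid($email)) {
        return '<p>invalid email</p>';
    }
    return '<p>' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . '</p>';
}

echo render_result('jane.doe@example.com'), "\n";
echo render_result('jp)(*&@gmail)**&.com'), "\n";
```

The regex agrees with filter_var on the obviously broken input, but it also rejects uppercase letters, longer top-level domains and the '+' sign, all of which FILTER_VALIDATE_EMAIL accepts. Those false rejections are the usual cost of a home-grown pattern; validating with filter_var and escaping on output covers both the acceptance check and the reflected-input concern from the original form.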
