PHP: Verify And Sanitize Email Address

Q. How do I verify input data such as email address under PHP programming language?

A. You need to use PHP Filters designed for safely dealing with input parameters. It can validate and filter data coming from some insecure source, such as user input via filter extension. This extension is part of PHP Core version 5.20 and above, but you can always install it under Linux. You can use filters to validate following type of data:

=> regex
=> url
=> email
=> strings
=> magic_quotes
=> regular data types such as int, float etc

Validate email address

Here is a sample code:

if ( filter_var($email, FILTER_VALIDATE_EMAIL)  == TRUE) {
	echo 'Valid Email Address';
	echo 'Invalid Email Address';

filter_var() will filter a variable with a specified filter. In this case you’ve used FILTER_VALIDATE_EMAIL filter. You may also want to sanitizes the e-mail using following code:

$out=filter_var($email, FILTER_SANITIZE_EMAIL);

Here is another sample:

// form.php
$_POST['email'] = stripslashes(trim($_POST['email']));
$tmpEmail=filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
if ( filter_var($tmpEmail, FILTER_VALIDATE_EMAIL)  == TRUE) {
	// callSmtp
	//show error
	echo 'Invalid Input - an error has occurred when trying to send this email';

Further readings:

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 6 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
6 comments… add one
  • Abhisek Sep 20, 2008 @ 0:30

    thanks. much it easier it seems.

  • apriyanda Sep 21, 2008 @ 10:30

    please verify my e-mail

  • rocelle Sep 25, 2009 @ 7:16

    how verify email address

  • Toronto Guy Nov 8, 2010 @ 4:36

    Does the email filter check if an email is fake ? Or is there a sperate function to filter email domains?
    Good contribution,thanks for sharing

  • Chris Apr 15, 2011 @ 4:37

    Several problems with the FILTER_VALIDATE_EMAIL constant. Test it with gmail emails. It fails. Also fails with other types of email accounts.

  • Mark "Chief Alchemist" Simchock May 18, 2011 @ 15:02

    re: problem with FILTER_VALIDATE_EMAIL

    I believe the issue here is that if invalid the function returns FALSE. Else, if it is a valid email it returns the actual email address (instead of TRUE).

    Best I can tell in PHP there is no native function that accepts a string and returns a boolean on where that string is a valid email or not. Moi? I wrote a simple function that uses FILTER_VALIDATE_EMAIL and returns TRUE if FILTER_VALIDATE_EMAIL returns !FALSE. Why there’s not something in PHP itself at this point, I don’t understand.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum