TalkPHP - View Single Post

Salathe · 01-08-2008, 03:04 PM

FILTER_VALIDATE_EMAIL only uses a (PCRE) regular expression to validate the email address anyway: it's important to know what the filter will and will not allow as it may possibly be different from what you're prepared to accept in your application. That said, it's not a part of the PHP core for nothing. The regular expression is the same as used in the PEAR QuickForm Email validation.

FILTER_VALIDATE_URL does a few things, and there are flags to further hone the behaviour of the filter. Firstly, this filter removes any invalid characters (as per the appropriate RFC specs) and if nothing is left (ie, the entire string contained invalid characters!) the validation fails. Next, the string is passed through parse_url. If the string cannot be parsed as an url (including any required parts defined by the flags used, if any), the validation fails. If all goes well, the validation is successful.

Note: A scheme is required (http, mailto, file, etc.). Important, an 'url' such as file://c:/myfile.exe or even (a made up one!) talkphp://salathe/pm will be allowed by this filter.

Summary
The above might come across to the reader as negative towards the filters. I like the filters as another tool available for our use, but to be able to effectively use any tool you really have to know how it works which the post above aimed to inform you about.

With all that said, Wildhoney's latest point about people using regular expressions echoes the idea behind this post. The tools are there to be used, whether you understand how/why/when to use the tool is another matter altogether.

01-08-2008, 03:04 PM	#5 (permalink)
Salathe Moderateur Join Date: Apr 2007 Posts: 1,393 Thanks: 5	`FILTER_VALIDATE_EMAIL` only uses a (PCRE) regular expression to validate the email address anyway: it's important to know what the filter will and will not allow as it may possibly be different from what you're prepared to accept in your application. That said, it's not a part of the PHP core for nothing. The regular expression is the same as used in the PEAR QuickForm Email validation. `FILTER_VALIDATE_URL` does a few things, and there are flags to further hone the behaviour of the filter. Firstly, this filter removes any invalid characters (as per the appropriate RFC specs) and if nothing is left (ie, the entire string contained invalid characters!) the validation fails. Next, the string is passed through parse_url. If the string cannot be parsed as an url (including any required parts defined by the flags used, if any), the validation fails. If all goes well, the validation is successful. Note: A scheme is required (http, mailto, file, etc.). Important, an 'url' such as `file://c:/myfile.exe` or even (a made up one!) `talkphp://salathe/pm` will be allowed by this filter. Summary The above might come across to the reader as negative towards the filters. I like the filters as another tool available for our use, but to be able to effectively use any tool you really have to know how it works which the post above aimed to inform you about. With all that said, Wildhoney's latest point about people using regular expressions echoes the idea behind this post. The tools are there to be used, whether you understand how/why/when to use the tool is another matter altogether.