ansaurus

Question

Why does filter_var($email, FILTER_VALIDATE_EMAIL) allow test@test?

Answer 1

+4 A:

It is a valid email address. It isn't going to work on the Internet (at least, not today), but it is fine for a local address.

I would assume that the developers are taking the sensible approach to checking email addresses and not building themselves a system that is guaranteed to go out of date as soon as a new TLD is introduced. We have enough email address syntax checkers that reject [email protected] as it is.

David Dorward 2010-08-04 14:28:09

Do you think section 2.3.5 of RFC 5321 doesn't apply?

Artefacto 2010-08-04 14:43:59

Answer 2

+1 A:

No, test can be a local / internal network domain, so that would work. I like it that it correctly validates wrikken@localhost when developing for instance.

A normal nonexistentdomain.foo would have the same problem. If you want to test whether something is delivarable to a host, use getmxrr (and it that fails fall back to gethostbyname()).

Wrikken 2010-08-04 14:29:50

So is it best to allow local addresses? Or should I use getmxrr along with it if I dont want to allow something like test@test?

Metropolis 2010-08-04 14:41:11

Wouldnt it be better to check using checkdnsrr? Because if their server is down, or something else, then getmxrr will return false. Right?

Metropolis 2010-08-04 14:44:25

Wrikken 2010-08-04 15:03:38

Answer 3

+6 A:

The behavior has changed somewhere around April. See bug #49576 and revision 297350.

That e-mail is indeed invalid, or at least that's what the PHP developers understood. The source carries this notice:

/*
 * The regex below is based on a regex by Michael Rushton.
 * However, it is not identical.  I changed it to only consider routeable
 * addresses as valid.  Michael's regex considers a@b a valid address
 * which conflicts with section 2.3.5 of RFC 5321 which states that:
 *
 *   Only resolvable, fully-qualified domain names (FQDNs) are permitted
 *   when domain names are used in SMTP.  In other words, names that can
 *   be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
 *   in Section 5) are permitted, as are CNAME RRs whose targets can be
 *   resolved, in turn, to MX or address RRs.  Local nicknames or
 *   unqualified names MUST NOT be used.

The changelog mentions this bug fix for PHP 5.3.3 and PHP 5.2.14.

Artefacto 2010-08-04 14:40:50

The ticket for this bug is marked fixed as of PHP5.3.3 and PHP5.2.14

Gordon 2010-08-04 14:48:24

Great catch Artefacto. So I assume the rules have changed? Why has this changed? I wish they would explain what they are checking in the filter_var documentation. So will this return true before 5.3.3 and false after 5.3.3? The system I am using this on is 5.2.12

Metropolis 2010-08-04 14:49:31

@Metro It checks the e-mail for compliance with Internet standards. The fact `test@test` was allowed before was a bug.

Artefacto 2010-08-04 14:52:56

@artefacto So what is the most full proof way to check for this in versions before 5.3.3 and 5.2.14?

Metropolis 2010-08-04 14:59:05

Should I just use the newest regex at the revision above?

Metropolis 2010-08-04 15:03:19

@Metropolis you can take the RegEx pattern from rev 297350 and make it into a custom validator function or use it directly with `FILTER_VALIDATE_REGEXP` then.

Gordon 2010-08-04 15:04:03

Awesome! Thanks a lot guys.....

Metropolis 2010-08-04 15:06:10

OK, clear, will keep that in mind (and I'll have to change some @localhost email-addresses asap...)

Wrikken 2010-08-04 15:24:45

Answer 4

A:

MichaelRushton 2010-08-14 10:14:18

ansaurus

tags:

views:

answers:

Why does filter_var($email, FILTER_VALIDATE_EMAIL) allow test@test?

related questions