I learned today that it is possible to validate e-mail two ways. One way is by regular expression and the other is by the filter_var() function.

If anyone could tell me how strong the validation with filter_var is and if there are any recommendations or suggestions on thoughts about switching from regular expression to it, then it would be just great.

+1  A: 

If you use filter_var it will validate things like [email protected] which is strictly speaking valid but you may not want to allow such an address in your application.

If you use a regular expression you have more control over what to allow and disallow.

The most reliable way to validate an email address though is to try to send an e-mail to it and request the recipient to click a link to confirm. This will also have another benefit - it is possible someone could make a typo while entering their e-mail address such that the result is still a valid email address, but just not the correct address.

Mark Byers
A: 

As Mark Byers said, filter_var does validate anything that is strictly speaking valid, and I consider this a good thing. For example, with Gmail:
Your e-mail address is [email protected]. You want to register on website x.com. You don't entirely trust the website, and you register with the e-mail address [email protected]. Gmail automatically redirects it to your own inbox. Therefore, if this untrusted website sells your e-mail address to someone and you receive an e-mail addressed to [email protected], you know who gave your e-mail address away!

You may not think about things like this when you write your own regexp, and it can become really annoying for people (like me!) who use this syntax. I always use filter_validate(). This way, I know a valid e-mail address will always be validated.

Anyway, let's be honest: whether you use your own regexp or filter_validate, I can still write a fake e-mail address that will be validated. You may as well accept anything and send an "Activate your account" e-mail to make sure the user can receive and read e-mails from your website.

Vincent Savard
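
Both answers end at the same place: a syntax check followed by a confirmation e-mail. The sketch below is an added example, not code from either answer. It uses filter_var() with FILTER_VALIDATE_EMAIL and a single-use, expiring token; the function names, the in-memory `$pending` store, the 24-hour lifetime and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example: syntax check with filter_var(), then proof of ownership
// through a single-use confirmation token. Storage is an in-memory array
// here; a real application would use its database (assumption).

const TOKEN_TTL = 86400; // seconds a confirmation link stays valid (assumed policy)

function startConfirmation(string $input, array &$pending): ?string
{
    $email = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null; // not syntactically valid, so nothing is sent
    }
    $token = bin2hex(random_bytes(32)); // CSPRNG output, 64 hex characters
    // Store only a hash, so a leaked table does not yield usable links.
    $pending[hash('sha256', $token)] = [
        'email'   => $email,
        'expires' => time() + TOKEN_TTL,
    ];
    return $token; // goes into the link mailed to $email
}

function confirmAddress(string $token, array &$pending): ?string
{
    $key = hash('sha256', $token);
    if (!isset($pending[$key])) {
        return null; // unknown or already used token
    }
    $entry = $pending[$key];
    unset($pending[$key]); // single use, even when expired
    return $entry['expires'] >= time() ? $entry['email'] : null;
}

// Constructed sample input: a plus-tagged address and two malformed ones.
$pending = [];
$issued = null;
foreach (['alice+x.com@example.com', 'alice@@example.com', 'not an address'] as $candidate) {
    $token = startConfirmation($candidate, $pending);
    $issued = $token ?? $issued;
    printf("%-26s %s\n", $candidate, $token === null ? 'rejected' : 'confirmation pending');
}
var_dump(confirmAddress($issued, $pending)); // first use of the mailed token
var_dump(confirmAddress($issued, $pending)); // replay of the same token
```

The address is marked as verified only when `confirmAddress()` returns it; until then it is just a string that passed the syntax check.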