-1

I apologize if this is somehow a duplicate question. I've read a hundred posts and tried to implement every fix I uncovered to no avail.

I'm passing a variable called email_tocheck. I simply want to ensure that the email is not already in the database && that it is a "valid" email.

No matter what I do, I cannot meet the requirements of a valid email. If I simply type 'myemail@mydomain.com' in single quotes instead of $email in the first IF statement, the email comes back as Undefined. I'm stuck. Big time.

Am I making a stupid syntax error? I, like so many, am new to this. Any thoughts would be most appreciated.

$url=$_SERVER['QUERY_STRING'];
parse_str($url);
$email = "'$email_tocheck'";
$sql = "SELECT * from EmailList where Email=$email";    
$conn->query($sql);
$result = $conn->query($sql);
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    if((mysqli_num_rows($result)>0)){   
            $num1 = 'Not Valid';
            $num2 = 'This email has been unsubscribed.';
            echo json_encode(array($num1, $num2)); 
    } else {
            $num1 = 'Valid';
            $num2 = 'Send away';
            echo json_encode(array($num1, $num2));
    }
} else {
    $num1 = 'Not Valid';
    $num2 = 'A valid email is required.';
    echo json_encode(array($num1, $num2,$email)); 
}
Niklesh Raut
David Weisser
  • Problem is here: email must be in quotes `Email='$email'";` – Saty Feb 03 '16 at 12:21
  • You should not put quotes around your variables, only in the sql and then only if you have escaped the value correctly. Better get rid of the quotes altogether and use a prepared statement. – jeroen Feb 03 '16 at 12:22
  • I had removed the quotes altogether, but then I couldn't get the SQL statement to work. I've tried every conceivable version of quotes and non-quotes. I think what you're saying is that I need two versions of $email - one for the SQL statement and one for the filter_var. I'll read up on prepared statements. – David Weisser Feb 03 '16 at 12:52
  • SOLVED. Upvoted Saty. The solution was indeed two versions of the $email. Thank you all...but, out of curiosity, why the down vote on my question? – David Weisser Feb 03 '16 at 13:03

1 Answer

0
$email = "'$email_tocheck'";

This means $email is 'foo@bar.com' (which is not a valid email address), when it should be foo@bar.com (without quotes). Change the line to:

$email = $email_tocheck;

Or sanitise however you want, for example for whitespace:

$email = trim($email_tocheck);
Ben
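
The answer's fix combined with the prepared statement suggested in the comments, as an added example that is not part of the original posts. It uses PDO with an in-memory SQLite table so it runs without a server (the question uses mysqli, where prepare(), bind_param() and execute() play the same role); check_email(), the sample row and the sample inputs are constructed for illustration.

```php
<?php
// Added example. The table and column names come from the question; the
// function name, the in-memory SQLite database and the sample data are
// constructed for illustration.

function check_email(PDO $db, string $raw): array
{
    // Validate the raw value, with no SQL quoting wrapped around it.
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return ['Not Valid', 'A valid email is required.'];
    }

    // The value is bound to a placeholder, so it never becomes part of the
    // SQL text: there are no quotes to add and input cannot alter the query.
    $stmt = $db->prepare('SELECT 1 FROM EmailList WHERE Email = ? LIMIT 1');
    $stmt->execute([$email]);

    return $stmt->fetchColumn() !== false
        ? ['Not Valid', 'This email has been unsubscribed.']
        : ['Valid', 'Send away'];
}

// Constructed stand-in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE EmailList (Email TEXT PRIMARY KEY)');
$db->exec("INSERT INTO EmailList (Email) VALUES ('gone@example.com')");

// Constructed inputs: the quoted form from the question, a clean address,
// a listed address with stray whitespace, and an address whose local part
// contains an apostrophe (accepted by FILTER_VALIDATE_EMAIL, so validation
// alone would not make a concatenated query safe).
$samples = [
    "'foo@example.com'",
    'foo@example.com',
    ' gone@example.com ',
    "o'brien@example.com",
];
foreach ($samples as $raw) {
    echo json_encode([$raw, check_email($db, $raw)]), PHP_EOL;
}
```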