|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47270 Invalid email address allowed as valid
Submitted: 2009-02-02 09:44 UTC Modified: 2009-02-02 18:23 UTC
From: jason at netmums dot com Assigned:
Status: Not a bug Package: Filter related
PHP Version: 5.2.8 OS: RHEL 5.3
Private report: No CVE-ID: None
 [2009-02-02 09:44 UTC] jason at netmums dot com
An email address is submitted to filter_var and returned as valid 
despite the domain being invalid. There are no single character top-
level domains.

Reproduce code:
$email = '';
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
echo "Invalid email address.";
} else {
echo "Valid email address.";

Expected result:
Invalid email address.

Actual result:
Valid email address.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-02-02 14:23 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

That domain might exist at your network.
 [2009-02-02 15:30 UTC] jason at netmums dot com
Thanks, perhaps a flag could be added to test against valid public TLDs 
supported by IANA versus technically valid internal addresses?
 [2009-02-02 18:23 UTC]
Just checking TLD isn't enough - actually we'd have to make a NS lookup but that's certainly outside the things of filter. The filter is for making sure nothing bad happens when using the value not checking whether the user couldn't type his name.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Wed Sep 27 03:01:25 2023 UTC