Bug #50431 Using filter_var to filter an email address returns incorrect result
Submitted: 2009-12-09 18:59 UTC Modified: 2010-12-20 19:56 UTC
From: troy at scriptedmotion dot com Assigned:
Status: Not a bug Package: Filter related
PHP Version: 5.2.11 OS: Ubuntu
Private report: No CVE-ID: None

 [2009-12-09 18:59 UTC] troy at scriptedmotion dot com
Description:
------------
Using filter_var to filter a string containing an email address with no top level domain returns the string instead of false.

For example:

filter_var('t@1', FILTER_VALIDATE_EMAIL);

returns 't@1' instead of false.

Reproduce code:
---------------
filter_var('t@1', FILTER_VALIDATE_EMAIL); // returns 't@1' instead of false.

Expected result:
----------------
false

Actual result:
--------------
"t@1" // a string

 [2009-12-09 19:02 UTC] rasmus@php.net
That's a valid email address.  Email addresses don't need a tld.  Try 
emailing root@localhost, for example.  Any locally defined host can 
potentially receive email.
 [2010-05-08 02:32 UTC] office at lucian0308 dot com
I see a difference.
The standard is http://tools.ietf.org/html/rfc2822

Does this function respect the standard?

Because PEAR http://pear.php.net/manual/en/package.validate.validate.email.php
says that it uses RFC2822 and it works correctly.

Without a dot and level domain it should be a false email.
 [2010-08-20 16:53 UTC] michael at squiloople dot com
The standards are actually RFC 5321 and 5322, and according to RFC 5321 (which 
goes into more specific detail over domain names in email addresses), "in the case 
of a top-level domain used by itself in an email address, a single string is used 
without any dots."
 [2010-12-20 02:02 UTC] vaughan dot montgomery at gmail dot com
OK, you say that's a valid email.. but in a working user environment, using this 
filter to VALIDATE an email address is unworkable.

When users register on my site, I want to validate their email address.

If the user enters test@test, it returns as valid. But how on earth does my 
server know that the user's email address is .com/.net/.co.uk/.biz etc.? So when it 
tries to send the user an email to validate his email address in order to 
register on my site, he never receives the email because the server doesn't know 
where to send it.

This means I can't use this filter for its intended purpose of validating an 
email address.

Back to using regex and the old PHP 4 methods.

Either make the filter return as invalid, or add an extra parameter to tell it 
to validate with a top level domain.

i.e. filter_var('T@TEST', FILTER_VALIDATE_EMAIL, FILTER_FLAG_TOP_LEVEL)

If FILTER_FLAG_TOP_LEVEL is set, then 'test@test' returns invalid, if not, then 
return valid.

Problem solved, and I'm sure many users would appreciate it.
 [2010-12-20 19:56 UTC] rasmus@php.net
Even if he enters test@test.com that still doesn't tell you if the email will get 
through to him.  You are in the same position.  The filter simply validates the 
string as a valid-looking email address.  Whether or not this is the actual user's 
email address is way beyond the scope of this function.  You can take it further 
and do an MX lookup on it, but that just means the host exists, it doesn't mean 
that user has an account on that box.  The only way to know is to actually deliver 
an email to the address and see if the user gets it.
 [2010-12-20 20:11 UTC] vaughan dot montgomery at gmail dot com
That's true. But in the real world! We aren't dealing with local issues. Yes, 
test@localhost is valid for local, but it's no good on a remote server. I want 
my users to have to enter their address as test@test.com or .co.uk or whatever, 
like everyone else out there who wants to use this filter for validating user 
email addresses. Why is this so difficult to get through? What is so wrong with 
changing it or adding a filter flag to the filter for top level domains etc.? 
Then we have the best of both worlds.

If you won't do something about it, then this filter is pretty much useless to 
many people. I would have preferred to use it, but will have to stick to using 
the cumbersome regex method instead.
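
The layers discussed in this thread (syntax check, a dotted-domain site policy, MX lookup, then proof by delivery), as an added example that is not code from PHP or from any commenter. The function names, the stub resolver and the sample inputs are assumptions constructed for illustration; it needs PHP 7.4 or later.

```php
<?php
// Added example; function names and sample data are assumptions.

/** Gate a sign-up address; $hasMx is injectable so the check can run offline. */
function check_signup_email(string $input, ?callable $hasMx = null): array
{
    // 1. Syntax only: all that FILTER_VALIDATE_EMAIL claims to check.
    $email = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return ['ok' => false, 'reason' => 'syntax'];
    }
    // 2. Site policy: refuse dotless domains (t@1, test@test) explicitly,
    //    whatever the filter in the running PHP version decides about them.
    $domain = substr($email, strrpos($email, '@') + 1);
    if (strpos($domain, '.') === false) {
        return ['ok' => false, 'reason' => 'dotless-domain'];
    }
    // 3. MX lookup: shows the host accepts mail, not that the mailbox exists.
    $hasMx = $hasMx ?? fn(string $d): bool => checkdnsrr($d, 'MX');
    if (!$hasMx($domain)) {
        return ['ok' => false, 'reason' => 'no-mx'];
    }
    // 4. Ownership is only proven by delivery: mail a random token and
    //    store just its hash until the user presents it back.
    $token = bin2hex(random_bytes(16));
    return ['ok' => true, 'email' => $email, 'token' => $token,
            'token_hash' => hash('sha256', $token)];
}

/** Constant-time comparison of the token the user clicked with the stored hash. */
function confirm_token(string $presented, string $storedHash): bool
{
    return hash_equals($storedHash, hash('sha256', $presented));
}

// Constructed sample input and a stub resolver (no network needed).
$stubMx = fn(string $d): bool => $d === 'example.com';
$samples = ['t@1', 'test@test', 'not an address',
            'user@nomail.example', 'user@example.com'];
foreach ($samples as $in) {
    $r = check_signup_email($in, $stubMx);
    printf("%-22s %s\n", $in, $r['ok'] ? 'send confirmation mail' : 'rejected: ' . $r['reason']);
}
```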
 