phppup Posted March 16, 2020

I am setting up a new form with more updated PHP code and seek some opinions:

Is using FILTER_VALIDATE_EMAIL FILTER_SANITIZE_EMAIL just as good or better than the predisposed methods of the acceptable Regular Expression Pattern, i.e.:

'/^\ [A-Za-z0-9_]([\.-]?\w+)*@\ [A-Za-z0-9_]([\.-]?\ [A-Za-z0-9_])*(\.\w{2,3})+$/'

On a slightly related topic, during testing I used PHP to create a SQL table and discovered that if the table already exists, an error message stating that the "table already exists" will be produced and the existing table will stay intact. Does this eliminate the need to use code that would state

if($exists !== FALSE) { echo("This table already exists"); }

or is it suggested as a "best practice" as either a safeguard or coding approach?

gizmola Posted March 16, 2020

For these types of questions, you have to do some research, reading the manual page, and any associated comments. In most cases, I would opt for a validation filter unless I knew I had some edge cases I absolutely had to support.

In the case of email, you need to do a couple of things per the manual:

Quote: "Validates whether the value is a valid e-mail address. In general, this validates e-mail addresses against the syntax in RFC 822, with the exceptions that comments and whitespace folding and dotless domain names are not supported."

So you want to review RFC 822 (if you care enough) to see what RFC 822 specifies in regards to valid email addresses. There are a good number of interesting notes you probably want to read, and possibly test out.

phppup Posted March 16, 2020

Any other opinions?

PS: there are TWO questions that I inquired about.

Edited March 16, 2020 by phppup

ginerjm Posted March 17, 2020

Your second question is not very clear. But - have you researched what happens when you use the IF NOT EXISTS clause in your create statement? Look it up.

Psycho Posted March 17, 2020

Your RegEx for email addresses is already flawed. Use built-in methods (unless, as @gizmola stated, you have a use case that is not supported).

As to your second question, if the error message you are referring to is one that is thrown from the DB, then you should absolutely have logic to show the message you define. Never expose DB errors to the user. You should always capture those and show a "friendly" message to the user that does not expose any details they could use to infiltrate the system.

Edited March 17, 2020 by Psycho
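
The advice in the replies above, put together as an added example (not code from any poster in this thread): validate with FILTER_VALIDATE_EMAIL, create the table with IF NOT EXISTS, and log database errors server-side while showing only a generic message. It assumes PDO with an in-memory SQLite database so it runs on its own; the `subscribers` table and both function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: table, columns and function names are assumptions, not from the thread.

// In-memory SQLite keeps the example self-contained; swap in your real DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

/** Create the table only if it is missing; returns a message safe to show the user. */
function ensureSubscribersTable(PDO $pdo): string
{
    try {
        // IF NOT EXISTS makes the statement idempotent: a second run raises no error.
        $pdo->exec('CREATE TABLE IF NOT EXISTS subscribers
                    (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE)');
        return 'Ready.';
    } catch (PDOException $e) {
        // Full detail goes to the server log, never to the browser.
        error_log('DB setup failed: ' . $e->getMessage());
        return 'Sorry, something went wrong. Please try again later.';
    }
}

/** Validate with the built-in filter, then insert through a prepared statement. */
function addSubscriber(PDO $pdo, string $input): string
{
    $email = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'Please enter a valid e-mail address.';
    }
    try {
        $stmt = $pdo->prepare('INSERT INTO subscribers (email) VALUES (:email)');
        $stmt->execute([':email' => $email]);
        return 'Thanks, you are subscribed.';
    } catch (PDOException $e) {
        // A duplicate address violates UNIQUE; the driver's message stays in the log.
        error_log('Insert failed: ' . $e->getMessage());
        return 'Sorry, we could not save your address.';
    }
}

// Constructed sample inputs: a valid address, an invalid one, and a duplicate.
echo ensureSubscribersTable($pdo), PHP_EOL;
echo ensureSubscribersTable($pdo), PHP_EOL; // repeated on purpose
foreach (['user@example.com', 'not an email', 'user@example.com'] as $candidate) {
    echo addSubscriber($pdo, $candidate), PHP_EOL;
}
```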