Jump to content

Newer PHP code


phppup
 Share

Recommended Posts



I am setting up a new form with more updated PHP code and seek some opinions:
Is using

 

  • FILTER_VALIDATE_EMAIL
  • FILTER_SANITIZE_EMAIL

just as good or better than the predisposed methods of the acceptable Regular Expression Pattern
ie:  

 '/^\ [A-Za-z0-9_]([\.-]?\w+)*@\ [A-Za-z0-9_]([\.-]?\ [A-Za-z0-9_])*(\.\w{2,3})+$/'

On a slightly related topic, during testing I used PHP to create a SQL table and discovered that if the table already exists, an error message stating that the "table already exists" will be produced and the existing table will stay in tact.  Does this eliminate the need to use code that would state

if($exists !== FALSE)
{
   echo("This table already exists");
}


or is it suggested as a "best practice" as either a safeguard or coding approach?

Link to comment
Share on other sites

For these types of questions, you have to do some research, reading the manual page, and any associated comments.  In most cases, I would opt for a validation filter unless I knew I had some edge cases I absolutely had to support.  In the case of email, you need to do a couple of things per the manual:

Quote

Validates whether the value is a valid e-mail address.

In general, this validates e-mail addresses against the syntax in RFC 822, with the exceptions that comments and whitespace folding and dotless domain names are not supported.

So you want to review RFC 822 (if you care enough) to see what RFC 822 specifies in regards to valid email addresses.  There are a good number of interesting notes you probably want to read, and possibly test out. 

 

Link to comment
Share on other sites

Your RegEx for email addresses is already flawed. Use built-in methods unless, as @gizmola stated, you have a use case that is not supported).

As to your second question, if the error message you are referring to is one that is thrown from the DB, then you should absolutely have logic to show the message you define. Never expose DB errors to the user. You should always capture those and show a "friendly" message to the user that does not expose any details they could use to infiltrate the system.

Edited by Psycho
  • Like 1
Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.