This question already has answers here: Should I sanitize an email address before passing it to the is_email() function? (3 answers) is_email() VS sanitize_email() (1 answer) Closed 5 years ago.

Assume I have checked an email using is_email and the result is true, should I sanitize with sanitize_email? if yes, then why?

This question already has answers here: Should I sanitize an email address before passing it to the is_email() function? (3 answers) is_email() VS sanitize_email() (1 answer) Closed 5 years ago.

Assume I have checked an email using is_email and the result is true, should I sanitize with sanitize_email? if yes, then why?

• validation
• sanitization

Share Improve this question edited Aug 7, 2019 at 21:27 Makiomar asked Aug 7, 2019 at 18:34 MakiomarMakiomar 15177 bronze badges 3

• No, that answer explains what these functions do, but i want to understand what makes me sanitize an email which been considered valid after using is_email – Makiomar Commented Aug 7, 2019 at 21:24
• I have rewritten the question – Makiomar Commented Aug 7, 2019 at 21:30
• You should sanitize any data being added to the DB. For more specific feedback, explain what you're doing with the email address. I agree that the answer to the question referenced by Antii covers this topic. – Dave Romsey Commented Aug 7, 2019 at 21:34

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 2

Regarding the edited question, here's another old Q&A, which might actually be a better reference, Should I sanitize an email address before passing it to the is_email() function?, especially @kaiser's answer.

And regarding kaiser's Funny sidefact now as I had a look at the sources for both functions (is_email(), sanitize_email()), they are indeed basically the same.

So to quote @Howdy_McGee's answer,

I would even go so far as to say that if this function returns true, you wouldn't need to sanitize it before sending it into the database.

But he also notes in the comments about using the sanitize function,

...better safe than sorry and the sanitization overhead would be entirely unnoticeable.

So based on these, I'd say that it is not strictly necessery to use sanitize_email() after is_email() returns truthy value (the email). You could use it maybe out of habbit or consistency of sanitizing everything before saving stuff to the database (if, that is what you're going to do with the email).