What is the difference between using:
1. HTML5
<input type="email">
(it validates user email input without any JavaScript or any other code)
2. PHP
filter_var($email, FILTER_SANITIZE_EMAIL);
3. WordPress sanitize_email:
$email = sanitize_email(' [email protected]');
1 Answer
1- HTML5
<input type="email">
Define a field for an e-mail address (will be automatically validated when submitted)
Tip: Safari on iPhone recognizes the email type, and changes the on-screen keyboard to match it (adds @ and options).
Important: It's also crucial to remember that a user can tinker with your HTML behind the scenes, so your site must not use this validation for any security purposes. You must verify the email address on the server side of any transaction in which the provided text may have any security implications of any kind. For more information: Link
2- PHP: The FILTER_VALIDATE_EMAIL filter validates an e-mail address, which removes all illegal characters from the email.
- The filter_var() function filters a variable with the specified filter. Returns the filtered data on success, or FALSE on failure.
For example:
<?php
$email = "[email protected]";
// Remove all illegal characters from email
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
// Validate e-mail: filter_var() returns the address on success, false on failure
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
    echo("$email is a valid email address");
} else {
    echo("$email is not a valid email address");
}
?>
For more, check Link
3- WordPress:
Strips out all characters that are not allowable in an email address. After sanitize_email() has done its work, it passes the sanitized e-mail address through the sanitize_email filter.
<?php sanitize_email( $email ) ?>
Example:
<?php
$sanitized_email = sanitize_email(' [email protected]! ');
echo $sanitized_email; // will output: '[email protected]'
?>
This function uses a smaller allowable character set than the set defined by RFC 5322. Some legal email addresses may be changed. Allowed character regular expression: /[^a-z0-9+_.@-]/i. sanitize_email() is in a class of functions that help you sanitize potentially unsafe data which allow you to pass an arbitrary variable and receive the clean version based on data type. Others include:
For more, check Link
Conclusion:
1. Use the HTML5 input tag with type email (it's cool), but do not depend on it for security purposes.
2. You should use sanitize, PHP filter + if-else (logic) to secure your input.
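A server-side check along the lines of the answer's conclusion, written as an added example that is not part of the original answer. check_email_input() is a hypothetical helper (not a PHP or WordPress API) and the sample inputs are constructed; it rejects input that sanitizing would alter, so a different address is never stored silently.

```php
<?php
// Added example: server-side handling of an e-mail form field.
// check_email_input() is a hypothetical helper name used for illustration.

function check_email_input(string $raw): array
{
    $trimmed = trim($raw);

    // What the sanitize step would turn the input into.
    $sanitized = filter_var($trimmed, FILTER_SANITIZE_EMAIL);

    // Reject instead of repairing: if sanitizing changed the value, the
    // stored address would differ from what the user actually submitted.
    if ($sanitized !== $trimmed) {
        return ['ok' => false, 'reason' => 'contains characters not allowed in an e-mail address'];
    }

    // filter_var() returns the address on success and false on failure.
    if (filter_var($trimmed, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'reason' => 'not a syntactically valid e-mail address'];
    }

    return ['ok' => true, 'email' => $trimmed];
}

// Constructed sample inputs (example.com is reserved for documentation).
$samples = [
    "alice@example.com",
    "  bob@example.com  ",
    "carol (work)@example.com",      // sanitizing alone would strip the spaces and parentheses
    "dave@example.com\r\nX-Test: 1", // line break inside a single-line field
    "not-an-email",
];

foreach ($samples as $raw) {
    $result = check_email_input($raw);
    $verdict = $result['ok']
        ? 'accepted: ' . $result['email']
        : 'rejected: ' . $result['reason'];
    printf("%-36s => %s\n", json_encode($raw), $verdict);
}
```

The HTML5 `type="email"` attribute can stay on the form for usability; this check runs regardless of what the browser did.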
Posted by: admin. When reposting, please credit the source: http://www.yc00.com/questions/1745400766a4626089.html