$str = '"mynam@blabl"@domanin.com';
filter_var($str, FILTER_VALIDATE_EMAIL);//return valid email.
the above email returns true... Fair enough that RFC 2822 says it's a legal email address.
my question is if you validate an email using the above could an email carry sql injections that can harm the db even though you have filtered it with filter_var?
my question is if you validate an email using the above could an email carry sql injections that can harm the db even though you have filtered it with filter_var?
filter_var is not a replacement for database specific sanitation like mysql_real_escape_string()! One needs to always apply that, too.