I am creating contact form and there I have input field, type email. In the future, I am planing to save this email and all other data into database. Therefore I have a question on how to validate that email properly in PHP?
-It has to accept utf-8 and all international individual characters that email can have.
For now, I have made two different email validations.
First one is made by using filter_var() but this one doesn't allow international characters to be used. (Therefore I have removed it.)
Second, I have used custom regex '/^[^\s@]+@[^\s@]+.[^\s@]+$/ui' and this one is allowing use of international characters but it also allows '/* and other characters which are threat for possible SQL injection.
I am also aware, that there is an option to send email to a user to verify that email but I am wondering, is there any verification method which I can use to validate email internationally and to prevent SQL injection?
Maybe encrypting/decrypting email? Maybe PDO should be enough?
In case someone is looking for an answer to this question, Now after two years of working as a developer I would agree with Alex Howansky comment:
Preventing SQL injection doesn't happen by ensuring you have a valid email address, it happens by using prepared statements with bound parameters.