我应该使用filter_var来验证电子邮件吗? [英] Should I use filter_var to validate email?
问题描述
我有一个类,可以在将每个输入发送到数据库层之前对其进行验证.请注意,我的问题与转义或其他无关.我的数据库层将处理SQL注入问题.我要做的就是验证电子邮件是否有效,因为稍后该电子邮件可能被用作发送给".例如,用户将通过发送到电子邮件的链接来恢复对其帐户的访问.我读了很多有关filter_var的内容,有很多人反对它,而另一些人则赞成.一直专注于我只想验证电子邮件,而不是对数据库,html或XSS或其他内容进行过滤",使用filter_var是否有问题?
I have a class that validates every input before I send it to the database layer. Note that my problem is not about escaping or anything. My database layer will handle the SQL Injection problem. All I want to do is validate if the email is valid or not because later that email might be used as a 'send to'. For instance, the user will recover access to his account through a link sent to the e-mail. I read a lot about filter_var and there are a bunch of people being against it and other bunch being in favor. Keeping the focus on 'I just want to validate email and not filter it for database or for html or XSS or whatever', is there a problem in using filter_var?
推荐答案
是的,你应该.
使用标准库验证而不是家庭酿造有多个好处:
Using the standard library validation instead of a home brew one has multiple benefits:
- 许多人已经看到了您将要使用的代码(至少有两个),希望甚至在将其合并到发行版之前就具有电子邮件验证的经验.
- 它是已测试单元.
- 其他人将使用相同的支票,并
- Many eyeballs already seen the code (well, at least two) you will be using, hopefully with experience in email validation even before it's merged into a release.
- It's unit tested.
- Other people will use the same check and report bugs and you get these fixes for free on php updates.
但是,检查电子邮件地址的格式只是第一道防线,如果您真的想知道它是真实的,则必须向其发送消息.
However checking the format of an email address is only the first line of defense, if you really want to know that it's real or not, you will have to send a message to it.
这篇关于我应该使用filter_var来验证电子邮件吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
