Email Address special characters confusion

Question

I was playing around with filter_var to validate emails:

$email = "[email protected]"; 

if( filter_var( $email, FILTER_VALIDATE_EMAIL ) ){

    echo "{Valid Email";

}else{

    echo "Invalid Email";

}

That returns Valid Email.

But when I tried special characters like . $ # * ? & ! ^ ~ / ' - _ @ % {} | = + at the local part, Like :

$email = "[email protected]";
$email = "te/[email protected]";
$email = "te'[email protected]";
$email = "te}[email protected]";
$email = "te|[email protected]";
$email = "[email protected]";

That would return Valid Email too.

It's not accepting characters like <> [] ,.

But if I use $:

$email = "[email protected]";

That would return Valid Email, But also NOTICE Undefined variable: st

So should I use it to validate email addresses, Before inserting them to the DB?

Or I should use a custom Regular Expression?

Answer 1

When using double quoted strings, the $ character is seen as the beginning of a variable name. So $stlooks like a variable and PHP tries to interpolate it. This is easily resolved by using single quotes which does not interpolate variables in strings.

$email = '[email protected]';

See the PHP documentation for strings to learn more about this as it is an important part of PHP development.