is_email() VS sanitize_email()

is_email() will take the provided string( a email address) and run checks on it to ensure that it is indeed an email address and that the string has no illegal characters in it. It would simply not change anything in the string you provided but return either true if the string passes all the function checks or false if it doesn’t.

The sanitize_email() will take the provided string and strip out any characters that are not allowed in an email address and return only the characters that are allowed.

So if you had a string that needs to be an email like: user"[email protected]

is_email() would return false as the string contains characters that are not allowed in an email address.

sanitize_email() would return [email protected]

If you take user"[email protected] and first run it through the sanitize_email() function and then through the is_email() function it would then return true in this case as all the invalid characters are removed from the string and this allows the string to pass the is_email() checks.

I would suggest using both, is_email() to check first if the user submitted a proper email address and before commiting anything into the database check that is is indeed safe by running the sanitize_email() function at the latest possible point in your script.

Related Posts:

  1. vs WordPress Security
  2. How WordPress sanitizes post content on save? Or it doesn’t?
  3. how to sanitizing $_POST with the correct way?
  4. How does the SQL injection from the “Bobby Tables” XKCD comic work?
  5. In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
  6. How safe / sanitized is wp_insert_posts()?
  7. When to use esc_html and when to use sanitize_text_field?
  8. How to properly validate data from $_GET or $_REQUEST using WordPress functions?
  9. What’s the difference between esc_* functions?
  10. Which KSES should be used and when?
  11. How to escape custom css?
  12. Do Cookies Need to be Sanatized Before Being Saved?
  13. Is default functions like update_post_meta safe to use user inputs?
  14. How Could I sanitize the receive data from this code
  15. Who is responsible for data sanitization in WordPress development?
  16. Is wp_kses the right approach in sanitizing this string?
  17. Is it sensible to worry about sanitizing admin input in plugin custom CSS?
  18. Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
  19. Does meta-data need to be sanitized?
  20. Do we need to escape data that we receive from theme options?
  21. How to redirect all HTTP requests to HTTPS
  22. what is a auth_user_file.txt?
  23. What’s the easiest way to stop WP from ever logging me out
  24. Prevent access or auto-delete readme.html, license.txt, wp-config-sample.php
  25. How to set up fail2ban with WordFence?
  26. How do WordPress Nonces Work?
  27. Disable comment windows for all existing posts (pages/blogposts)
  28. Generate WordPress salt
  29. Vanilla WordPress install, what can/should I put in disable_functions?
  30. Stop wordpress automatically escaping $_POST data
  31. Secure my “add_settings_field” translation?
  32. how can i embed wordpress backend in iframe
  33. Handling nonces for actions from guests to logged-in users
  34. Can I force a password change?
  35. How brute-forcer knows that the password is cracked for target username?
  36. wp_insert_post disable HTML filter
  37. What is pclzip.lib.php file that wordfence think it’s a malicious code
  38. Can someone (Support of my themeprovider) get access to my server If I send them my admin login?
  39. How to disable XML-RPC from Linux command-line in a total way?
  40. How to remove javascript malware in wordpress site [closed]
  41. Securing my WordPress Files and Directories
  42. Restricting access to content
  43. Single sign-on: wp_authenticate_user vs wp_authenticate
  44. How to allow internal links using wp_kses filtration
  45. How does Cross Site Scripting (XSS) work exactly? [closed]
  46. Relative security of different releases of WordPress
  47. How does the “authentication unique keys and salts” feature work?
  48. esc_html__ security : what for in this example?
  49. Using HTACCESS for Secret Access
  50. wp-config.php being written by attacker
  51. XML-RPC errors they know my username?
  52. Is [admin / admin] acceptable for all local websites?
  53. Simple Online Payment for Event Registration [closed]
  54. What may be causing failure of auto-install features in WordPress (v3.0.3)?
  55. Client side HTTP parameter pollution (reflected)
  56. Local file inclusion critical security issue [closed]
  57. Malware script in database post table only? [closed]
  58. Best practices to assert current_user_can() with guests
  59. wordpress website host price and security [closed]
  60. XMLRPC slow and weird websites/services
  61. Unable to sanitize in customizer and escape in theme without removing ability for user to use “< br >” to insert a line break
  62. Is it safe to hand over the admin rights?
  63. correct tags for validating input types
  64. how much information can we hide when using wordpress cms?
  65. How to find exploited wordpress plugin [closed]
  66. Is it necessary to do validation again when retrieving data from database?
  67. How I can open back door for myself?
  68. System setting changed by system user
  69. How can I force a specific password?
  70. Sanitize user input fields before wp_insert_post
  71. Are SVG image files safe to upload? Why WP defines them as a security risk? [duplicate]
  72. Who updates the wp-admin/core file?
  73. Does this code indicate an exploit?
  74. How to prevent to direct access of my custom plugin folder/files
  75. Checking for origin of a xmlrpc request
  76. RESTRICT EDIT of PHP files?
  77. wp-content – permissions for files/folders created by apache
  78. Has anyone developed a anti-spam plugin to simply allow users to BLOCK whatever they wish to, but one that will also go easy on IP addresses?
  79. Monitor wordpress all external calls
  80. HSTS header not being added correctly
  81. how to protect wordpress content from crawler
  82. Securing WordPress running on Azure platform
  83. Can WordPress admin user + database credentials be used to gain Cpanel or FTP access?
  84. Should I worry about SQL injection when using REST API?
  85. Spam Registrations
  86. Links to root domain from search engines don’t work, but direct links and links from other referrers do
  87. How can I backup my site if it gets hacked?
  88. Standard Method for Securing a WordPress Site
  89. Secure Multiple WordPress Installations on shared hosting
  90. Any way to disable /wp-login.php redirecting to the site folder?
  91. Able to go to WordPress admin even after deleting auth cookies from request headers
  92. Is WordPress ready for GDPR compliance? [closed]
  93. Should WordPress Add Options to Enhance Security or Leave it to plugin developers? [closed]
  94. Competitor is somehow accessing MetaData on a hidden WordPress site
  95. WordPress Hacks/Defacing [closed]
  96. Bank account number and Sort Code in a form [closed]
  97. How do you search for backdoors from the previous IT person?
  98. Why is SSH password authentication a security risk?
  99. Is wp-cron.php vulnerable to external attacks and how to protect it?
  100. How to address security vulnerabilities: LUCKY13, BEAST, and BREACH

Leave a Comment