php filter-input

PHP filter_input validate and sanitize


I'm coding a contact form and I want to validate and sanitize user input using filter_input. The problem is that, because I use it for every POST variable, shall I do a validate then sanitize, or what? My suggestion is as follows:

    if (!filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)) {
        exit();
    } else {
        $email = $_POST['email'];
    }

Is this OK, or must I re-sanitize the $_POST['email']?

Thanks


Solution

  • Try this:

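    // filter_input() returns the validated string, false if validation
    // fails, or null if the field was not submitted.
    if (!$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)) {
        exit();
    }

    echo $email;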
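
The validate-then-use pattern from the answer, extended to a whole contact form, as an added example that is not part of the original answer: it keeps the value each filter returns, tells a missing field (null) from an invalid one (false), and escapes only at output. The `validate_contact` function, the `name` and `message` fields and the sample submissions are assumptions; `filter_var_array` runs on a constructed array so the script works from the CLI, where `filter_input` has no POST data to read.

```php
<?php
// Added example (not the answerer's code). $raw stands in for the POST body;
// in a request handler, call filter_input_array(INPUT_POST, $spec) with the
// same $spec instead of filter_var_array($raw, $spec).
function validate_contact(array $raw): array
{
    $spec = [
        'email'   => FILTER_VALIDATE_EMAIL,
        'name'    => [
            'filter'  => FILTER_VALIDATE_REGEXP,
            // Letters, spaces, apostrophes, hyphens only; \z (not $) so a
            // trailing line break is rejected as well.
            'options' => ['regexp' => "/\\A[\\p{L} '\\-]{1,80}\\z/u"],
        ],
        'message' => FILTER_UNSAFE_RAW, // free text: kept as-is, escaped on output
    ];
    $clean = filter_var_array($raw, $spec); // null = missing, false = invalid

    $errors = [];
    foreach (['email', 'name'] as $field) {
        if ($clean[$field] === null || $clean[$field] === false) {
            $errors[$field] = $clean[$field] === null ? 'missing' : 'invalid';
        }
    }
    if (!is_string($clean['message']) || trim($clean['message']) === '') {
        $errors['message'] = 'empty';
    }
    return [$clean, $errors];
}

// Constructed sample submissions (not from the original post).
$samples = [
    ['email' => 'alice@example.com', 'name' => "Alice O'Neil", 'message' => '<b>Hi</b>'],
    ['name' => "Eve\r\nsecond line", 'message' => ''], // no email field at all
];
foreach ($samples as $raw) {
    [$clean, $errors] = validate_contact($raw);
    if ($errors) {
        echo 'rejected: ', json_encode($errors), PHP_EOL;
        continue;
    }
    // Escape for the HTML context at output time, not at input time.
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    printf("%s (%s): %s\n", $h($clean['name']), $h($clean['email']), $h($clean['message']));
}
```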