I’m using is_email() to check if a user-provided email address is valid. For example:
    $email = $_POST['email'];
    if ( is_email( $email ) ) {
        // Do something.
    }
To the best of my knowledge, nothing in this function writes info to the database. Should I be sanitizing $email before I pass it to the function?
Looking at the is_email() functionality on Trac, it looks like you don’t need to sanitize as it’s just string testing. I would even go so far as to say that if this function returns true, you wouldn’t need to sanitize it before sending it into the database.
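
An added example, not part of the original question or answer: one way to take the posted address through validation and storage, treating the is_email() check and SQL escaping as separate steps. It assumes the code runs inside WordPress (for instance in a plugin), so that is_email(), wp_unslash(), WP_Error and $wpdb are available; the function name and table name are hypothetical.

```php
<?php
/**
 * Added example (hypothetical helper, not WordPress core code).
 * Assumes WordPress is loaded, so is_email(), wp_unslash(), WP_Error
 * and $wpdb exist. The table name is a placeholder.
 */
function example_store_subscriber_email() {
	global $wpdb;

	if ( ! isset( $_POST['email'] ) || ! is_string( $_POST['email'] ) ) {
		return new WP_Error( 'missing_email', 'No email address submitted.' );
	}

	// WordPress adds slashes to $_POST. Remove them before testing, otherwise
	// an address such as o'brien@example.com arrives as o\'brien@example.com
	// and is rejected because of the backslash.
	$raw = trim( wp_unslash( $_POST['email'] ) );

	// is_email() returns the address on success and false on failure.
	$email = is_email( $raw );
	if ( false === $email ) {
		return new WP_Error( 'invalid_email', 'That email address is not valid.' );
	}

	// Validation is not escaping: the apostrophe above is an accepted
	// local-part character. $wpdb->insert() runs a prepared query, so the
	// value is escaped for SQL whatever the validator allowed.
	$inserted = $wpdb->insert(
		$wpdb->prefix . 'example_subscribers', // Hypothetical table.
		array( 'email' => $email ),
		array( '%s' )
	);

	if ( false === $inserted ) {
		return new WP_Error( 'db_error', 'Could not save the address.' );
	}

	return $email;
}
```

When the stored address is later printed into a page, it still needs output escaping for that context, for example with esc_html() or esc_attr().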