Brandon Savage has a new post about a key concept that both new and experienced developers need to remember when working with user input: Filter Input, Escape Output (FIEO).
Brand-new PHP developers have drilled into their heads the concept of Filter Input, Escape Output (FIEO). This concept essentially insists that all user-provided content be filtered or escaped, without exception. With the delivery of PHP 5.2.0, this got a lot easier, because PHP included, by default, the Filter library.
He gives two examples of an email validation method: one using a regular expression, and the other using the filter_var function of the filter extension with the FILTER_VALIDATE_EMAIL constant as the filter to apply.
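The following is an added example, not code from Brandon Savage's post, showing both halves of FIEO for the email case: validation on input with filter_var and FILTER_VALIDATE_EMAIL next to a regular expression, then escaping at output. The helper names, the regular expression and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: filter on input using the filter extension.
// filter_var() returns the value on success and false on failure.
function validEmailOrNull(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed regex for comparison only; it is not the pattern from the post.
// It only checks for "something@something.something" and is far looser.
function regexEmailOrNull(string $raw): ?string
{
    $raw = trim($raw);
    return preg_match('/^[^@\s]+@[^@\s]+\.[^@\s]+$/', $raw) === 1 ? $raw : null;
}

// Escape on output, here for an HTML context. Validation does not replace
// this step: an accepted address may still contain an apostrophe.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs, as if taken from a submitted form field.
$samples = [
    'alice@example.com',
    "o'brien@example.com",
    '<b>x</b>@example.com',
    'not-an-email',
];

foreach ($samples as $raw) {
    $byFilter = validEmailOrNull($raw);
    $byRegex  = regexEmailOrNull($raw);

    // Every value is escaped at the point of output, including rejected
    // input that is echoed back to the user.
    printf(
        "%s | filter_var: %s | regex: %s\n",
        e($raw),
        $byFilter === null ? 'rejected' : 'accepted as ' . e($byFilter),
        $byRegex === null ? 'rejected' : 'accepted as ' . e($byRegex)
    );
}
```

Running it with the PHP CLI shows where the loose regular expression and the filter extension disagree, and that accepted values are still escaped before they reach the page.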