0

I allow a CSV to be uploaded and then I convert it into an array:

$csvAsArray = array_map('str_getcsv', file($results['full_path']));

The above code will produce something like this:

array(127) {
  [0]=>
  array(3) {
    [0]=>
    string(4) "Name"
    [1]=>
    string(5) "Email"
    [2]=>
    string(9) "Something"
  }
  [1]=>
  array(3) {
    [0]=>
    string(3) "dfg"
    [1]=>
    string(24) "something@something.com"
    [2]=>
    string(2) "34"
  }
  [2]=>
  array(3) {
    [0]=>
    string(3) "dfg"
    [1]=>
    string(23) "something@something.com"
    [2]=>
    string(2) "34"
  }

I can't guarantee the structure of the CSV which is why I can't look up a particular column. So I can loop the array e.g.

foreach($csvAsArray as $csvData) {
    var_dump($csvData);
}

How could I extract all the valid email addresses from this array?

AbraCadaver
katie hudson

3 Answers

2

Loop through each value and check if it is a valid email address:

$emails = array();
foreach($csvAsArray as $csvData) {
    foreach($csvData as $csvValue){
       // If it isn't a valid email address, filter_var returns false
       if(filter_var($csvValue, FILTER_VALIDATE_EMAIL)){
          $emails[] = $csvValue; 
       }
    }
}

var_dump($emails);
Milanzor
2

As an alternative to a loop:

$emails = array_filter(call_user_func_array('array_merge', $csvAsArray),
                       function($v) {
                           return filter_var($v, FILTER_VALIDATE_EMAIL);
                       });
  • Merge the inner arrays into a single array
  • Filter the array on valid emails
AbraCadaver
-1
'"><script>alert(1);</script>"@test.com'

This string is valid according to FILTER_VALIDATE_EMAIL, so it is NOT recommended to trust those values.

Try this instead: https://stackoverflow.com/a/13719991/4007002

Or this is even better (maybe currently the best method): https://stackoverflow.com/a/1903368/4007002

Worth mentioning: FILTER_VALIDATE_EMAIL also fails on internationalized domain names, so it isn't RFC compliant.

Community
Viktor Koncsek
  • According to RFC that is a valid email. – AbraCadaver May 24 '16 at 14:59
  • Yes it does. Who would you like to nominate to define valid email addresses? – AbraCadaver May 24 '16 at 15:21
  • I mean it's wrong to allow probably not existing, malicious email addresses. Looks like you just don't want to understand the point here, the RFC is not wrong itself, but in some context it's not safe to trust everything that is valid according to the RFC. – Viktor Koncsek May 24 '16 at 15:31
  • I understand the point perfectly. That is only "unsafe" if you display it in a web browser, in which case you should be sanitizing it anyway. htmlentities() maybe? It's not safe to trust any user supplied input. – AbraCadaver May 24 '16 at 15:34
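
Added example, not part of the original thread: it combines the extraction from the answers with the output encoding raised in the comments, so an address that passes FILTER_VALIDATE_EMAIL is still encoded before it reaches HTML. The function names `extractEmails` and `h` are hypothetical, the CSV rows are constructed, and PHP 7.4+ is assumed for the empty escape argument to `str_getcsv`.

```php
<?php
// Added example: sample rows are constructed, function names are hypothetical.

/** Return every cell, in any column, that passes FILTER_VALIDATE_EMAIL. */
function extractEmails(array $lines): array
{
    $emails = [];
    foreach ($lines as $line) {
        // Explicit empty escape character (PHP 7.4+) gives plain RFC 4180 quoting.
        foreach (str_getcsv($line, ',', '"', '') as $cell) {
            // file() keeps line endings and empty lines yield null cells.
            $cell = trim((string) $cell);
            if ($cell !== '' && filter_var($cell, FILTER_VALIDATE_EMAIL) !== false) {
                $emails[$cell] = true;   // keyed by value to drop duplicates
            }
        }
    }
    return array_keys($emails);
}

/** Encode a value for an HTML text or attribute context at output time. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed upload: the fourth row carries the quoted local part shown
// in the answer above, written with CSV-doubled quotes.
$lines = [
    'Name,Email,Something',
    'dfg,something@something.com,34',
    'dfg,something@something.com,34',
    'x,"""><script>alert(1);</script>""@test.com",7',
    'y,not-an-email,9',
];

foreach (extractEmails($lines) as $email) {
    // Syntactic validity says nothing about HTML safety; encode on output.
    echo '<li>', h($email), "</li>\n";
}
```

The same rule applies to any other sink: use bound parameters when the addresses go into SQL, and reject CR/LF before placing one in a mail header.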