That's why I'm bothering everyone here asking a lot of questions.
But I also learned about the defense in depth principle. So even if I (try to) validate the email address a user has entered with a regex, I want or would like to double check and see if anything suspicious is being entered (like a "multipart\s*/\s*mixed" or bcc:).
Because, maybe the regex I use is not sufficient? Regexes can be very hard, and I'm no regex expert, so maybe there's a small mistake somewhere in the email validation routine. Or maybe I made a mistake copy-pasting a piece of code (ok, that would be stupid. But we make mistakes, don't we?).
For example, if I look at the regex provided by ilovejackdaniels. http://www.ilovejackdaniels.com/php/ema ... alidation/
That was published 1 June 2004. Since then some people have commented on the code and found mistakes or errors. They were acknowledged by the author, and the regex was updated at some point. So at some time, and maybe even still at this time, the regex could be insufficient. In that case I would like to have a backup validation routine, checking for suspicious input or newlines etc.
(p.s. I'm not nitpicking on Dave, just using it as an example)
So, you are correct in saying that the solution "Just validate any user input" is simple. However, "Just validate any user input" is not so simple. As can be seen by the many, many threads in which people discuss what's good or not, better or not.
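
One way to layer the backup check described in this post behind a primary validator, as an added example that is not part of the original post or of the linked article. PHP's built-in `filter_var` stands in for the regex; the function names, the pattern list and the sample inputs are constructed assumptions.

```php
<?php
// Added example: second-layer check that runs independently of the primary validator.
// Function names and the pattern list are illustrative assumptions.

/** Return the reasons a form value looks like a mail-header injection attempt. */
function suspicious_header_input(string $value): array
{
    $reasons = [];
    // Raw CR/LF would let the value start a new header line.
    if (preg_match('/[\r\n]/', $value)) {
        $reasons[] = 'raw newline';
    }
    // URL-encoded CR/LF, in case the value is decoded again later.
    if (preg_match('/%0[ad]/i', $value)) {
        $reasons[] = 'encoded newline';
    }
    // Header names that have no place inside a single address field.
    if (preg_match('/\b(bcc|cc|to|content-type|mime-version)\s*:/i', $value)) {
        $reasons[] = 'header name';
    }
    // The MIME marker mentioned in the post.
    if (preg_match('/multipart\s*\/\s*mixed/i', $value)) {
        $reasons[] = 'multipart/mixed';
    }
    return $reasons;
}

/** Accept only if the primary validator AND the backup check both pass. */
function accept_email(string $email): bool
{
    $primaryOk = filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
    return $primaryOk && suspicious_header_input($email) === [];
}

// Constructed sample inputs: one clean address, three that should be refused.
$samples = [
    "alice@example.com",
    "alice@example.com\r\nBcc: list@example.net",
    "alice@example.com%0ABcc:list@example.net",
    "Content-Type: multipart / mixed",
];
foreach ($samples as $s) {
    $why = suspicious_header_input($s);
    $verdict = accept_email($s) ? 'ACCEPT' : 'REJECT';
    printf("%-50s %s %s\n", json_encode($s), $verdict, implode(', ', $why));
}
```

Because the backup check does not depend on the primary validator, a mistake in either one alone does not let a newline or header name through, and the returned reasons can be logged to spot probing.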