Hello

I've questions about your code example.

function is_valid_email($email) {
$email = filter_var($email, FILTER_SANITIZE_EMAIL);

So far, so good.

  return (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) && !contains_invalid_string($email);
}

I might be wrong or not awakened enough, but this construct is IMHO a bit weird. The function filter_var returns the filtered variable content or false. The function contains_invalid_string returns true or false. But …

1. … this function can't find invalid chars, when filter_var sanitized the input string before in it's first call.
2. What should be returned? The two functions can return three possible states (the functions (in this combination) returns one of the following states: true, false or a string).

It's a bit perplexing for me. Either the check for invalid chars checks the original string and rejects invalid input (then without sanitizing it before) or the string will be sanitized (what can change the input) but then checking for invalid chars afterwards is senseless. Not only, because there should be no invalid chars after the sanitizing but also because the possible changes of the input. We can't identify deliberately bad input after sanitizing the string but IMHO we should be able to do so.

Tschö, Auge