If the REQUEST_METHOD is POST, then the form has been submitted - and it should be validated.
If it has not been submitted, skip the validation and display a blank form.
And you must remember that some concrete internet servers can fail some details of common standard and in fact work with own "modified standard". Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
Such code can now do no harm and is safe to be displayed on a page or inside an e-mail. if quotes are escaped with a slash \ let's remove that.
Sure, it may not look nice and tell you someone has been trying to mess with your script, but the important thing is he/she had failed! If you know exactly what kind of data to expect you can make further steps to ensure the user has entered what you want. Instead of writing the same code over and over again we can create a function that will do all the checking for us.
But please keep this copyright notice." solutions have false negatives (especially with all of the newer TLDs).
Instead, it's better to make sure the address has all of the required parts of an email address (user, "@" symbol, and domain), then verify that the domain itself exists.
There is no way to determine (server side) if an email user exists for an external domain.
This is a method I created in a Utility class: Of course, you can show some warning or tooltip in front-end when user typed "strange" email to help him to avoid common mistakes, like no dot in domain part or spaces in name without quoting and so on.
Be aware of that any Java Script code can be added inside the - this would not be executed, because it would be saved as HTML escaped code, like this: <script>location.href(' The code is now safe to be displayed on a page or inside an e-mail.