Below is a form that will validate an email address and also sanitize a string (strip all unwanted characters).
The form takes 2 variables, "email" and "name", and posts them back to itself (using the $phpself value as the form action).
The first test is on the email: if it is not valid, it never becomes a variable. Note the $email = $_POST['email'] line.
The second test takes the value submitted as $name and strips out all tags, brackets, etc., producing a safe-to-use string. It may still be a bunch of gibberish, but it will not inject nasty code into the db.
<?php
// Build the script's own URL path, cut off at the file name so that any
// extra path info a client appends to the request cannot end up in the action.
$phpself = basename(__FILE__);
$phpself = substr($_SERVER['PHP_SELF'], 0, strpos($_SERVER['PHP_SELF'], $phpself)) . $phpself;
// Default to '' so the first (GET) request does not raise an undefined-index notice.
$submit = $_POST['submit'] ?? '';
if ($submit == "") { ?>
<!-- htmlspecialchars() keeps a crafted PHP_SELF from breaking out of the attribute -->
<form action="<?php echo htmlspecialchars($phpself, ENT_QUOTES, 'UTF-8'); ?>" method="post">
email addy
<input type="text" name="email" />
<br /><br />
Name
<input type="text" name="name" /><br /><br />
<input type="submit" name="submit" value="submit" />
</form>
<?php } else {
    // First test: the email. filter_input() returns false if the field is missing or malformed.
    if (!filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL)) {
        echo "E-Mail is not valid";
    } else {
        $email = $_POST['email']; // Note: the email value is only taken now, after it validated
        echo "E-Mail is valid and is " . htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
    }
    // Second test: the name. FILTER_SANITIZE_STRIPPED strips tags and encodes quotes.
    // It is an alias of FILTER_SANITIZE_STRING, deprecated since PHP 8.1;
    // strip_tags() followed by htmlspecialchars() is the replacement.
    echo "<br />";
    $name = filter_input(INPUT_POST, "name", FILTER_SANITIZE_STRIPPED);
    echo "Name is now $name";
} ?>
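The following is an added example, not code from the original post. It pulls the two checks above out into plain functions so they can be run from the CLI over a handful of constructed inputs, and it adds the piece the form itself leaves out: how the values reach the database. Stripping tags is a measure for HTML output; it leaves characters like a single quote or a trailing "--" untouched, so SQL safety has to come from a prepared statement, which is shown here with PDO on an in-memory SQLite table (the storage layout and the sample submissions are assumptions for this example). Because FILTER_SANITIZE_STRIPPED is deprecated since PHP 8.1, the equivalent strip_tags() call is used instead.

```php
<?php
// Added example, not part of the original post. Requires PHP 7.4+ with pdo_sqlite.
declare(strict_types=1);

/** Return the e-mail if it is syntactically valid, otherwise null. */
function validate_email(string $raw): ?string
{
    $result = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $result === false ? null : $result;
}

/**
 * Strip HTML/PHP tags, which is what FILTER_SANITIZE_STRIPPED did for the
 * form above. Quotes and SQL punctuation survive this on purpose: escaping
 * belongs at the output boundary (htmlspecialchars for HTML, a prepared
 * statement for SQL), not in the stored value.
 */
function sanitize_name(string $raw): string
{
    return strip_tags(trim($raw));
}

/** Insert via a prepared statement so the data can never alter the SQL structure. */
function store_user(PDO $db, string $email, string $name): int
{
    $stmt = $db->prepare('INSERT INTO users (email, name) VALUES (:email, :name)');
    $stmt->execute([':email' => $email, ':name' => $name]);
    return (int) $db->lastInsertId();
}

// Constructed sample submissions, i.e. what $_POST would carry.
$samples = [
    ['email' => 'alice@example.com',       'name' => 'Alice'],
    ['email' => 'not-an-address',          'name' => '<b>Bob</b>'],
    ['email' => 'bob<script>@example.com', 'name' => 'Bob'],
    ['email' => 'carol@example.com',       'name' => "<i>O'Brien</i>"],
    ['email' => 'mallory@example.com',     'name' => "x'); DROP TABLE users;--"],
];

// Assumed storage: an in-memory SQLite table, so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL, name TEXT NOT NULL)');

foreach ($samples as $s) {
    $email = validate_email($s['email']);
    if ($email === null) {
        printf("rejected   email=%s\n", var_export($s['email'], true));
        continue;
    }
    $name = sanitize_name($s['name']);
    $id   = store_user($db, $email, $name);
    // For a browser, this line would be wrapped in htmlspecialchars(); the CLI needs no escaping.
    printf("stored #%d email=%s name=%s\n", $id, $email, var_export($name, true));
}

// The table still exists and every accepted row is intact: the quote and the
// "DROP TABLE" fragment were bound as data, never parsed as SQL.
$rows = $db->query('SELECT id, email, name FROM users ORDER BY id')->fetchAll(PDO::FETCH_ASSOC);
print_r($rows);
```

Run it with `php example.php`: the two malformed addresses are rejected, the `<b>` and `<i>` tags are gone from the names, and the row for mallory@example.com contains the literal string `x'); DROP TABLE users;--` while the users table is unharmed. Swapping the prepared statement for string concatenation into the INSERT is exactly the change that would make that last row dangerous, which is why tag stripping alone is not the database's defence.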