Question

I can get it to validate my email address, but it isn't sanitizing it. For example, when I do a simple test and input an email such as joeschm//oe@yahoo.com into the email address input field, I receive an email that says the email address is from joeschm//oe@yahoo.com.

Here is the relevant code:

//form validation vars
$formok = true;
$errors = array();  

//form data
$email = $_POST['email'];

//validate email address is not empty
if(empty($email)){
    $formok = false;
    $errors[] = "You have not entered an email address";
//validate email address is valid
}elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){
    $formok = false;
    $errors[] = "You have not entered a valid email address";
    //if email address input field is not empty and the email is valid, sanitize the email
}else{
    filter_var($email, FILTER_SANITIZE_EMAIL);
    $formok = true;
}

Solution

$email = filter_var($email, FILTER_SANITIZE_EMAIL);

You need to capture the return value of filter_var.
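As an added example (not code from the question or the answers), here is the same check written as a function that captures the sanitizer's return value. It also adds one defensive decision that the answer does not make: if FILTER_SANITIZE_EMAIL changes the string, the result is an address the user never typed, so the example reports an error instead of silently using the altered address. The function name checkEmail and the sample inputs are constructed for this example.

```php
<?php
// Added example: validate, then sanitize, keeping filter_var's return value.
// $raw is the untrusted value from $_POST['email'].
function checkEmail(string $raw): array
{
    $email = trim($raw);

    if ($email === '') {
        return ['ok' => false, 'email' => null,
                'errors' => ["You have not entered an email address"]];
    }

    // Validate the exact string the user submitted. '/' is legal in the local
    // part under RFC 5322, so "joeschm//oe@yahoo.com" passes this test, which is
    // why the question's form accepted it.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'email' => null,
                'errors' => ["You have not entered a valid email address"]];
    }

    // Capture the sanitizer's return value; the original code threw it away.
    // FILTER_SANITIZE_EMAIL strips characters outside its allowed list, and '/'
    // is not in that list, so the question's input becomes joeschmoe@yahoo.com.
    $clean = filter_var($email, FILTER_SANITIZE_EMAIL);

    // Defensive choice added in this example: a changed string is a different
    // mailbox than the one typed, so ask the user to correct it rather than
    // mail someone they did not name.
    if ($clean !== $email) {
        return ['ok' => false, 'email' => null,
                'errors' => ["The email address contains characters that are not allowed"]];
    }

    return ['ok' => true, 'email' => $clean, 'errors' => []];
}

// Constructed inputs, including the one from the question.
foreach (['joeschmoe@yahoo.com', 'joeschm//oe@yahoo.com', 'not an email', ''] as $in) {
    $r = checkEmail($in);
    printf("%-25s -> %s %s\n", var_export($in, true),
        $r['ok'] ? 'OK  ' : 'FAIL',
        $r['ok'] ? $r['email'] : implode('; ', $r['errors']));
}
```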

OTHER TIPS

// mysqli_real_escape_string() needs the open mysqli connection as its first
// argument; $conn stands for that connection here.
$email = mysqli_real_escape_string($conn, $_POST['email']);

Try using that instead of your current code. It will not replace any mishaps the user puts into the email input but it will make sure it is safe to post to your database for saving.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow