Page 1 of 1

Email Validation

Posted: Tue Jan 31, 2006 2:28 am
by Jim_Bo
Hi,

Is this good code for email validation:

Code: Select all

if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST['email'])) {
	$error_msg = '<center><b>Invalid email address</b></center>';
}

Thanks

Posted: Tue Jan 31, 2006 3:22 am
by Chris Corbyn
Moved to regex :wink:

Posted: Tue Jan 31, 2006 3:36 am
by Jim_Bo
Ok .. didnt see that topic

Posted: Tue Jan 31, 2006 3:44 am
by jayshields
I presume it's easier for you to implement and test the code rather than ask someone else to look at it/test it themselves.

Why don't you try some emails in it and maybe try to fool it, if it fails on something, ask us how to improve it given the test that failed?

Also, check out some comments on php.net regex functions pages, there are some good snippets in there and some decent page links.

Posted: Tue Jan 31, 2006 4:08 am
by timvw
The regular expression wouldn't work well if my e-mail address were mail@timvw.info...
A better implementation: http://www.iamcal.com/publish/articles/ ... ing_email/

Posted: Tue Jan 31, 2006 6:07 am
by raghavan20
try mine

Posted: Sat Feb 18, 2006 4:23 pm
by seodevhead
I am looking at TimV's suggestion for an email regex. ( http://www.iamcal.com/publish/articles/ ... ing_email/ )

I am currently testing it and am seeing that it accepts a lot of invalid email addresses, eventhough it is not supposed to. In fact, after a little searching, I found these pages on the website that state what the regex considers valid and invalid. Check out the results:

http://code.iamcal.com/php/rfc822/rfc2822.php
and
http://code.iamcal.com/php/rfc822/rfc2822.php

I mean seriously, how can 'cal@iamcalx' be considered a valid email address? I don't understand this function at all. Perhaps I am missing something. Any help would be greatly appreciated! Thanks.

Posted: Sat Feb 18, 2006 4:54 pm
by shiznatix
if i am not mistaken, cal@imcalx is a valid email address. I searched and could not find the link but somtin like
"natix rocks"@somthing
is a actual valid email address.

Posted: Sat Feb 18, 2006 5:44 pm
by raghavan20
now-a-days more companies are stressing to not validate on last part of email address after the @ symbol owing to the probability of disallowing some unknown valid email addresses.

Recently, when I checked with wikipedia, this is what I got,
According to RFC 2822, the local-part of the e-mail may use any of these ASCII characters:

Uppercase and lowercase letters
The digits 0 through 9
The characters "!", "#", "$", "%", "&", "'", "*", "+", "-", "/", "=", "?", "^", "_", "`", "{", "|", "}", "~"
The character "." provided that it is not the first or last character in the local-part.

Posted: Sun Feb 19, 2006 12:49 am
by Roja
seodevhead wrote:I am currently testing it and am seeing that it accepts a lot of invalid email addresses, eventhough it is not supposed to.
You are confusing valid (according to the RFC) email addresses with accurate and working - there is a very significant difference.
seodevhead wrote:I mean seriously, how can 'cal@iamcalx' be considered a valid email address? I don't understand this function at all. Perhaps I am missing something. Any help would be greatly appreciated! Thanks.
If you are at my house, and you ping my router (named "Evil"), you get:

PING evil.incarnate (127.0.0.1) 56(84) bytes of data.
64 bytes from evil.incarnate (127.0.0.1): icmp_seq=0 ttl=64 time=0.094 ms

Notice that evil has become evil.incarnate. Similarly, cal@iamcalx can be absolutely valid, accurate, and even working. If my local mailserver was named iamcalx.incarnate, it would get to that mailserver, and deliver it to the user ("cal") on that server.

Email validators don't try to (and cannot) check if an email is real. They check if it complies with the format specified by the RFC's.

If you are wondering why they cannot, think of it as a spammer. If there was a 100% reliable way to detect a real email, we'd get 100x as much spam (if not more).

Validators are meant to reduce the number of invalid emails you send to a user. In my projects, I use an RFC validator ( http://svn.gna.org/viewcvs/blacknova/tr ... iew=markup ), but then I use that email address to send an email containing a code. Without the code, the account is invalid. That way, we've reduced the number of false emails sent from my server, and we've validated the email account (they received the email!).

Posted: Sun Feb 19, 2006 11:00 pm
by pennythetuff
I've been using Roja's script for quite some time now and I've never had any problems. It's probably best to go with an RFC compliant script.