FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Email Validation





Dennise
I've come across the following script to check for a valid email address:

if(!$visitormail == "" && (!strstr($visitormail,"@") || !strstr($visitormail,".")))

1. Can someone please explain how the first check works: !$visitormail == "" I'm new to PHP and don't understand this check.

2. Actually, I don't think the whole check is very robust. Can someone please suggest a better script for more thoroughly validating an email address?

Thanks Smile
Arnie
Code:
if (!$visitormail == "")
means if the variable $visitormail is not empty...
The ! is a negation.

Do you know what the && and || are about?
Dennise
Arnie wrote:
Code:
if (!$visitormail == "")
means if the variable $visitormail is not empty...
The ! is a negation.

Do you know what the && and || are about?


Arnie,

&& means AND
|| means OR

So for the complete test:if(!$visitormail == "" && (!strstr($visitormail,"@") || !strstr($visitormail,".")))

I think it means:

if $visitormail is NOT empty AND $visitormail does NOT contain the @ character
OR if $visitormail does NOT contain a .

Then the check fails.

But this check doesn't make sense to me.

I think the intent of the script is this:

if $visitormail is empty OR $visitormail does NOT contain the @ character
OR $visitormail does NOT contain a .

Then the check fails.

So, I think the script contains an error. I also think the script, even if corrected, doesn't do a very good job of validating an email address.

Comments?
kv
It just checks if the given email is not null and contains a "@" and ".", the bare minimum check for a email address. Here is a better alternative:

Code:

//Set a regular expression for email address

$pattern = '/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])(([a-z0-9-])*([a-z0-9]))+(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i';

//use preg_match to validate

if(preg_match ($pattern, "<email address here>");
{
//valid code
}
else
{
//invalid code
}
rvec
http://nl2.php.net/manual/en/function.filter-var.php
take a look at that, no need for strange functions or long and hard regexes.
Arnie
Does Frihost have PHP5?
sonam
In my cPanel displaying 5.2.6 Wink

Sonam
Hogwarts
Hm. I shall fix your problems! Surprised

Code:
<?php
function checkIfAnEmailAddressIsValidOrNot ($emailAddress) {
if (preg_match('[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?', $emailAddress)
  return true; # The email address /is/ valid =]
return false; # The email address isn't valid =[
}
?>


*takes a bow*

I just yoinked the REGEX out of one of my older apps. *evil look* Surprised
Star Wars Fanatic
rvec wrote:
http://nl2.php.net/manual/en/function.filter-var.php
take a look at that, no need for strange functions or long and hard regexes.


Hey that's a nice function, I'll have to check it out.
Now the question is, does it work as well as regex in determining a valid email?
Hogwarts
Star Wars Fanatic wrote:
Now the question is, does it work as well as regex in determining a valid email?


That's subject to the quality of the regex
assailant
I think the best way to do is with regular expressions as using a string comparison check may or may not catch all non-valid email addresses. Plus, regexes are more descriptive and concise.
kv
rvec wrote:
http://nl2.php.net/manual/en/function.filter-var.php
take a look at that, no need for strange functions or long and hard regexes.


Nice function. Does this come along with basic php install or is it an addon?
rvec
kv wrote:
rvec wrote:
http://nl2.php.net/manual/en/function.filter-var.php
take a look at that, no need for strange functions or long and hard regexes.


Nice function. Does this come along with basic php install or is it an addon?

never used php.net?
It's part of the normal php installation.
Arnie
Only in PHP5 though.
bloodrider
At my site I use the following code to check the email address inserted:

Code:
<?php

if(@$_POST['send'] == "true"){

$sender = $_POST['sender'];
$sender = explode('@', $sender);
$emailhost = "www." . $sender[1];

$ip = gethostbyname($emailhost);
@$ip = gethostbyaddr($ip);

if (!$ip){
   print "The email address is not valid!";
}
else{ //do whatever you wants if the email is valid
}
?>


This script is nice because it check if the domain of the email address exists or not.
The standard verifications, null address, invalid character are made in javascript on the "form" itself Wink
Hogwarts
Wouldn't it be more logical just to try sending the email, otherwise break?
Star Wars Fanatic
Hogwarts wrote:
Wouldn't it be more logical just to try sending the email, otherwise break?


Because you will be able to send the email no matter what, whether it goes anywhere is another question. You won't get an error back to the php script, there's also time involved, there will be a few minutes between when you send it, and when it will be rejected back to the server.
Hogwarts
Annnd what if their email host was temporarily down? You can't sign up. If you had it when sending the email using an SMTP server (using the Swift library, for example), it'd encounter less problems because it would periodically retry.
wylieconlon
I've used the filter_var() function myself and it's worked correctly for everything I've tested it.
Dennise
Hey all,

Thanks for all the replies and suggestions. Now I just have to figure out which one(s) to try. As always, learning programming/scripting is harder because there's always so many to do one thing!

Very Happy
imagefree
a better way to validate is let it on php

Code:
   if(!($email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)))
      $error='Invalid Email Address.';
//then keep using $email variable as email address submitted.
//modify this script. it may not work.
Hogwarts
Because, imagefree, that function hasn't been suggested throughout the entire topic?

imagefree wrote:
//then keep using $email variable as email address submitted.

That's silly. $email should be defined separately, and remain defined the whole time. It may be useful later, and you shouldn't call a variable by two names.[/quote]
Stubru Freak
bloodrider wrote:
At my site I use the following code to check the email address inserted:

Code:
<?php

if(@$_POST['send'] == "true"){

$sender = $_POST['sender'];
$sender = explode('@', $sender);
$emailhost = "www." . $sender[1];

$ip = gethostbyname($emailhost);
@$ip = gethostbyaddr($ip);

if (!$ip){
   print "The email address is not valid!";
}
else{ //do whatever you wants if the email is valid
}
?>


This script is nice because it check if the domain of the email address exists or not.
The standard verifications, null address, invalid character are made in javascript on the "form" itself Wink


Euhm, that's a very bad script.
First: don't assume that for every e-mail address, www.domainname will exist. You'd even have a better chance without the www.
Second: client-side validation? Seriously? I hope you're doing mysql_real_escape_string... But even if you do, I can put anything I want in your database.
Agent ME
I recall reading that the simplest method about email addresses, once you see that it makes sense (has an @), is to just send an email to it and see if that fails.
imagefree
Hogwarts wrote:
Because, imagefree, that function hasn't been suggested throughout the entire topic?

imagefree wrote:
//then keep using $email variable as email address submitted.

That's silly. $email should be defined separately, and remain defined the whole time. It may be useful later, and you shouldn't call a variable by two names.
[/quote]

i cant understand, can u please explain what you want to say.
thanks
bloodrider
Stubru Freak wrote:
Euhm, that's a very bad script.
First: don't assume that for every e-mail address, www.domainname will exist. You'd even have a better chance without the www.
Second: client-side validation? Seriously? I hope you're doing mysql_real_escape_string... But even if you do, I can put anything I want in your database.


Thanks for your opinion, you would be right if I was using this script as you are presuming.
The kind of domains I'm interested are with "www", I'm just doing a email verification, I'm not storing nothing.
Yes there are better ways to do this, but at that time I "made" this script, it was what I needed and it still works fine Wink
pashmina
thank you all for those explanations in PHP, but i was looking for more validation options in java scripts as well.
this helps to check if it is valid before the form is submitted
riccopt
isn't it easier to send an email to the user, and then make him click a link to confirm that the email is valid?
Hogwarts
riccopt wrote:
isn't it easier to send an email to the user, and then make him click a link to confirm that the email is valid?


That's the second stage, after you verify it isn't formatted in the way of "alf@home", or whatever.
mathiaus
Hogwarts wrote:
riccopt wrote:
isn't it easier to send an email to the user, and then make him click a link to confirm that the email is valid?


That's the second stage, after you verify it isn't formatted in the way of "alf@home", or whatever.

Exactly!! By first verifying whether it is possible to be a valid address, you can prevent your database from becoming clogged up with a pile of invalid junk addresses. It also stops users from forgetting to add their full address and then emailing you to say that they need to change it etc.

There isn't really a god excuse for not validating all form fields!
Stubru Freak
bloodrider wrote:
Stubru Freak wrote:
Euhm, that's a very bad script.
First: don't assume that for every e-mail address, www.domainname will exist. You'd even have a better chance without the www.
Second: client-side validation? Seriously? I hope you're doing mysql_real_escape_string... But even if you do, I can put anything I want in your database.


Thanks for your opinion, you would be right if I was using this script as you are presuming.
The kind of domains I'm interested are with "www", I'm just doing a email verification, I'm not storing nothing.
Yes there are better ways to do this, but at that time I "made" this script, it was what I needed and it still works fine Wink


That's not true, some people have e-mail addresses that don't correspond to a website, and adding www makes it even less likely. You should check for a mail server at that location instead (without the www).
Also, client-side validation is fine if you don't need security. If you need security, it really isn't.
kv
I found a better solution. Check mx records. Here is the php function to do this: http://jp2.php.net/getmxrr
Related topics
Waiting for the email validation...
Email validation
how does this email validation works?
Email Validation script
Regestration and other stuff. $FRI up for grabs
subject javascript code please help
Form validation
How to update database?
huge-as code problem on top of le forum
Contact Script
Best Script For Me ?
BOT prevention - stand out from the crowd
Wordpress subdomains not working
i need to know
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.