1

I tried PHP regex to verify emails, such as /^[_a-z0-9-]+(\.[_a-z0-9-])*@[a-z0-9-]+(\.[a-z0-9-])*(\.[a-z]{2,4})$/. I know that it is not a correct way to validate the emails, for abc@abc.abc is also correct in my regex.

Do I need to enumerate all the domain name suffixes?

I happened to know that in PHP filter_var function can verify emails, however filter_var('abc@abc.abc', FILTER_VALIDATE_EMAIL) is also correct.

What is the theory of FILTER_VALIDATE_EMAIL in PHP source code? or can someone tell me a better way to verify emails?

Thanks very much!

iatboy
  • 1,295
  • 1
  • 12
  • 19
  • 1
    Depending on your DNS settings, `abc.abc` really could be a valid domain name. And it’s not even that your regular expression is too permissive; it’s too restrictive, for example, in [denying addresses with `+`](http://mozilla.wikia.com/wiki/User:Me_at_work/plushaters). – icktoofay Aug 18 '14 at 01:56

2 Answers2

4

Function php_filter_validate_email from logical_filters.c is used for this check.

It tests email against following regex /^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-+[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-+[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD and also for the maximum length of 320 characters.

Also comment from the source: 

/*
* The regex below is based on a regex by Michael Rushton.
* However, it is not identical. I changed it to only consider routeable
* addresses as valid. Michael's regex considers a@b a valid address
* which conflicts with section 2.3.5 of RFC 5321 which states that:
*
* Only resolvable, fully-qualified domain names (FQDNs) are permitted
* when domain names are used in SMTP. In other words, names that can
* be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
* in Section 5) are permitted, as are CNAME RRs whose targets can be
* resolved, in turn, to MX or address RRs. Local nicknames or
* unqualified names MUST NOT be used.
*
* This regex does not handle comments and folding whitespace. While
* this is technically valid in an email address, these parts aren't
* actually part of the address itself.
*
* Michael's regex carries this copyright:
*
* Copyright © Michael Rushton 2009-10
* http://squiloople.com/
* Feel free to use and redistribute this code. But please keep this copyright notice.
*
*/

This is good enough for most of the real world emails. For more details check out this question: Using a regular expression to validate an email address

Community
  • 1
  • 1
Konstantin Pereiaslov
  • 1,786
  • 1
  • 18
  • 26
  • Thanks a lot, It is too complex, the above code is in which file? – iatboy Aug 18 '14 at 02:08
  • @iatboy https://github.com/php/php-src/blob/8b66d64b2343bc4fd8aeabb690024edb850a0155/ext/filter/logical_filters.c , function php_filter_validate_email – Konstantin Pereiaslov Aug 18 '14 at 02:14
  • For people who are blindly copy pasting this code into their project, here are a few notes. 1. The excess `\\ ` escaping may be flagged within your IDE -- just set them as single backslashes. 2. The `D` pattern modifier is non-sense because there is only one `$` in the whole pattern, it is used to denote the end of the string and that is the default behavior -- just remove the `D` pattern modifier. 3. All occurrences of `[0-9]` can be shortened to `\d`. 4. `{1,}` can be shortended to `+` 5. The last `]` near the end of the pattern doesn't need to be escaped to be treated literally. – mickmackusa Aug 12 '20 at 03:44
0

Use the code below

 $email="abc@abc.com";
    if(filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "This email is correct";

    }

Hope this helps you

Utkarsh Dixit
  • 4,267
  • 3
  • 15
  • 38