2

So iv been doing a lot of reading on the best way to validate an email address before submitting a form. Iv read in multiple areas that regular expressions shouldn't be used to validate email addresses. e.g.

http://www.regular-expressions.info/email.html

Validate email address in JavaScript?

my problem with using regular expressions is that I need to be able to allow foreign characters in emails as they could be coming from anywhere in the world and I dont know how to ensure they are allowed without spending an age setting up useless accounts to test.

Further into my reading I saw someone state that validation should be done server side (as well).

All I get in search results for server-side validation are links to regular expressions.

Iv'e also looked at simple validation using indexOf and lastIndexOf on certain characters but I don't see how that will allow all the possible domains without some crazy complex code.

So essentially my question is what are the options for sever-side validation other than again using regular expressions (if there are any other options)?

Appreciate any help!

Community
  • 1
  • 1
AndrewBramwell
  • 494
  • 1
  • 7
  • 26
  • Regular expressions should be fine for validation. As for server side, you might also think about using the PHP in built validation: http://php.net/manual/en/filter.examples.validation.php – Dr Rob Lang Aug 23 '14 at 19:26
  • 2
    Well, you could use [filter_var()](http://ch2.php.net/manual/en/function.filter-var.php) but in the background it's just a RegEx. http://stackoverflow.com/questions/12026842/how-to-validate-an-email-address-in-php – Charlotte Dunois Aug 23 '14 at 19:26
  • Ok, so why are people being fussy about using regular expressions for email validation? (I know this question is like asking for the answer to the universe!) but do you know any problems I could face with using RegExs. I will have a look into filter_var(), thanks! – AndrewBramwell Aug 23 '14 at 19:30
  • I'm sure the people at PHP.net thought about that when they came up with [`FILTER_VALIDATE_EMAIL`](http://ch2.php.net/manual/en/function.filter-var.php) – Funk Forty Niner Aug 23 '14 at 19:34
  • 2
    Note: The only way to "validate" an e-mail address is to illicit a verifiable response after sending it a secret; all these pattern matching (etc) approaches just ensure it "looks valid". – user2864740 Aug 23 '14 at 19:34
  • @Fred-ii- I'm not sure that's the argument I'd use to defend random PHP functions.. – user2864740 Aug 23 '14 at 19:34
  • Ok, however I feel like your question has already been answered; or is there something that isn't clear to us? – Funk Forty Niner Aug 23 '14 at 19:59
  • I've had enough input to keep me going for another few days :) I'm happy to say its answered! – AndrewBramwell Aug 23 '14 at 20:01
  • Great, glad to hear it, *cheers* – Funk Forty Niner Aug 23 '14 at 20:03
  • 1
    thank you all for your inputs! ( i forgot that in my last comment :/ ) – AndrewBramwell Aug 23 '14 at 20:04
  • You're welcome Andrew. – Funk Forty Niner Aug 23 '14 at 20:05

3 Answers3

2

In PHP you can use filter_var. Example from the docs:

$email = filter_var('bob@example.com', FILTER_VALIDATE_EMAIL);

In this case, $email will contain "bob@example.com". For an invalid email address, it will contain false.

Tom Fenech
  • 72,334
  • 12
  • 107
  • 141
2

Short answer: You can't do it. You can write regular expressions that will tell you whether an email address looks valid, but, as you say, there are enough exceptions to render that approach questionable.

The only way you can truly know that an email address is valid (and was used by the owner for whatever you are doing) is to send a clickable link containing a unique token to that address and see whether it gets clicked.

Bob Brown
  • 1,463
  • 1
  • 12
  • 25
  • Yeah i read a similar answer in a page somewhere (cannot find the link) but I cannot do this as the form i'm creating simply sends and email to me with the form content in. I can't ask users to validate that they want to send me an email. I appreciate the input though. – AndrewBramwell Aug 23 '14 at 19:33
  • 1
    The problem with using a regex, which PHP's filter actually is, is false positives and worse, false negatives. PHP's filter tells me that `bbrown@bbrown.asdf` is a valid email address, which it clearly is not. This address: `ñoñó1234@server.com`, which is reported to be a valid-looking email address (see http://stackoverflow.com/questions/3844431/are-email-addresses-allowed-to-contain-non-alphanumeric-characters) is rejected by PHP's filter. So, the risk you run is telling people that valid email addresses are not, and not letting them do whatever you are trying to do. – Bob Brown Aug 23 '14 at 19:52
  • Appreciate the explanation! @Bob Brown – AndrewBramwell Aug 23 '14 at 19:56
  • 2
    PHP _does_ have a `checkdnsrr` function: http://php.net/manual/en/function.checkdnsrr.php which will let you determine whether there's an MX record for the domain name given. That ought to work (not tested) for even internationalized domain names. You also have to check for A and maybe CNAME records in case mis-configured mail server. And, of course, there is the valid but useless `bogus@bogus.com`. – Bob Brown Aug 23 '14 at 20:11
  • Implementing smtp is easier and more reliable than finding the regex that catches all forms of email described in rfc822. – bbaassssiiee Aug 23 '14 at 21:03
0

server side validation using php source : http://www.w3schools.com/php/filter_validate_email.asp

<?php
$email = "someone@example.com";

if(!filter_var($email, FILTER_VALIDATE_EMAIL))
  {
  echo "E-mail is not valid";
  }
else
  {
  echo "E-mail is valid";
  }
?>
Varun
  • 76
  • 5
  • do you know if this allows foreign characters e.g. accented characters? – AndrewBramwell Aug 23 '14 at 19:36
  • ya it works.. I tried using different characters and it shows email is not valid.. and it also doesn't allows foreign characters..In case I missed some characters and if you want to try them yourself then just change someone@example.com to whatever you want to test with – Varun Aug 26 '14 at 19:01