0

I have a bit of code which checks 2 $_GET variables with preg_match. It also looks up one variable value in the database. The problem is that the email address which is url encoded and the @ symbol is replaced with %40 is not turned back into readable text when I call the variable.

So if I call $_GET['email'] the value displayed is someone%40example.com while it should be someone@example.com

I understand $_GET variables get decoded automatically but it is not working for me. This problem came with the installation of SSL on this domain. Could it have something to do with that?

Here's my code:

```php
if (isset($_GET['Email']) && preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $_GET['Email'])) {
  $Email = $_GET['Email'];
}
```
idejong
  • 101
  • 1
  • 14
  • 1
    This is not [the way to validate](http://stackoverflow.com/questions/12026842/how-to-validate-an-email-address-in-php/12026863#12026863) email addresses, because: https://emailtester.pieterhordijk.com/test-pattern/Nzc – PeeHaa Aug 29 '14 at 14:01
  • 1
    I agree with the comment from @PeeHaa. I would strongly suggest using `filter_var($_GET['email'], FILTER_VALIDATE_EMAIL)` – Mike Brant Aug 29 '14 at 14:03
  • 1
    Are you processing input form? Are you using `multipart/form-data` content type with form? You need `application/x-www-form-urlencoded` content type to signal PHP that the content needs to be decoded. – Mike Brant Aug 29 '14 at 14:07

2 Answers

-1

You need to put urldecode()

The $_GET variable does not get URL-decoded automatically. You have to do it manually.

Do something like this

```php
if (isset($_GET['Email']) && preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', urldecode($_GET['Email'])))
{
  $Email = urldecode($_GET['Email']);
}
```

Also, this is not the proper way of validating email.

Saswat
  • 12,320
  • 16
  • 77
  • 156
  • @PeeHaa... Can't you give me points for the urldecode method??? Always need excuses to downvote others – Saswat Aug 29 '14 at 14:19
  • I really should not react to people whining about downvotes, but for what it's worth I removed my downvote the moment you removed the broken statement about the proper way. So... – PeeHaa Aug 29 '14 at 14:49
-1

Check the content-type header you are sending. If you are submitting a form, then you should probably be using the application/x-www-form-urlencoded type in your form to tell PHP that the data is URL-encoded and should be automatically decoded. That is unless you are submitting a file upload, in which case multipart/form-data is appropriate and may require manual decoding of content (using urldecode()) depending on how it is actually sent. You can inspect $_SERVER['CONTENT_TYPE'] to help you programmatically determine whether you need to manually decode.

A few other pointers:

  • You should probably consider using POST here instead of GET unless your expectation is that this would be a navigable page or endpoint tied to that email address (i.e. something someone could bookmark). Think of the GET action as reading something from a location specified by the query string and POST as being related to making some specific action related to the POSTed data.

  • You should consider using filter_var() or filter_input() along with the email validation filter instead of regex.

Suggested usage would be:

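```php
// filter_var() returns the address on success, false on failure
$email = filter_var($_GET['email'], FILTER_VALIDATE_EMAIL);
if (false === $email) {
    // validation failed
}
// or
// filter_input() also distinguishes a missing key (null) from an invalid value (false)
$email = filter_input(INPUT_GET, 'email', FILTER_VALIDATE_EMAIL);
if (is_null($email)) {
    // key was not present in GET params
} else if (false === $email) {
    // validation failed
}
```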
Mike Brant
  • 70,514
  • 10
  • 99
  • 103
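
Added example, not part of the original question or answers: PHP decodes each query parameter once before filling $_GET, which parse_str() reproduces here, so the script compares that single decode with an extra manual urldecode() and validates both results with FILTER_VALIDATE_EMAIL. The query strings are constructed samples and the helper names decode_once() and valid_email_or_null() are hypothetical.

```php
<?php
// Added example; query strings are constructed samples, helper names are hypothetical.

/** Decode a raw query string once, as PHP does when it fills $_GET. */
function decode_once(string $rawQuery): array
{
    parse_str($rawQuery, $params);
    return $params;
}

/** Return the validated address, or null when the value is missing or invalid. */
function valid_email_or_null(?string $value): ?string
{
    if ($value === null) {
        return null;
    }
    $email = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

$samples = [
    // "+" sent as %2B and "@" as %40: the normal, singly encoded case.
    'encoded once'  => 'Email=some.one%2Btag%40example.com',
    // "%" itself sent as %25: a sender that encoded the value twice.
    'encoded twice' => 'Email=someone%2540example.com',
];

foreach ($samples as $label => $rawQuery) {
    $params = decode_once($rawQuery);
    $once   = $params['Email'] ?? null;   // what $_GET['Email'] would hold
    $twice  = urldecode((string) $once);  // an extra, manual decode

    printf("%s\n  raw query:     %s\n", $label, $rawQuery);
    printf("  decoded once:  %s => %s\n", $once, var_export(valid_email_or_null($once), true));
    printf("  decoded twice: %s => %s\n", $twice, var_export(valid_email_or_null($twice), true));
}

// Array keys are case-sensitive: 'Email' and 'email' are different parameters.
var_dump(isset($params['Email']), isset($params['email']));
```

In the second sample the manual decode only compensates for a sender that encoded the value twice; comparing $_SERVER['QUERY_STRING'] with $_GET shows which case applies.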