3

I'm using PHPMailer to send emails via a contact form. When I enter an invalid email address in the input field, the email is still sent. I want to perform both client-side and server-side validations.

Does PHPMailer have a built-in validation system to check for an invalid email address? If the email entered is invalid I want to return an error and not send the email.

  • What do you mean by "invalid"? PHPMailer does have validation code and should be checking the email addresses before allowing an email to be sent. – Spudley May 06 '16 at 20:33
  • but in my case I could enter something like 'sdjfygsdfisdf' as an email and I still receive it in my inbox. By invalid I mean not an actual email address. –  May 06 '16 at 20:36
  • `but in my case I could enter something like 'sdjfygsdfisdf' as an email and I still receive it in my inbox` so your inbox listens on `sdjfygsdfisdf` ?? – dognose May 06 '16 at 20:53
  • I'd remind all that a valid recipient address does not have to contain the `@...` part. @dognose sure - that's pretty much how the mail system works. If no domain is provided then local is assumed (unless the MTA is configured otherwise). – Marcin Orlowski May 06 '16 at 21:00

2 Answers

1

The easiest and most correct way to validate email addresses is to use filter_var. Rather than relying on a patched PHPMailer, you could write a function to validate them before you send them to PHPMailer.

```php
function validateEmailAddr($addr) {
    // note: do not attempt to write any regex to validate email addresses;
    // it will invariably be wrong
    return filter_var($addr, FILTER_VALIDATE_EMAIL);
}
```
amphetamachine
  • 1
    But just in case, it also has a built-in validation http://phpmailer.github.io/PHPMailer/classes/PHPMailer.html#method_validateAddress – Alon Eitan May 06 '16 at 20:34
  • So how do I use the PHPMailer validation instead of my own? I assume PHPMailer devs know more about what they're doing than I. –  May 06 '16 at 20:37
  • 4
    `if (!PHPMailer::validateAddress($email)){ ... not valid, don't send email... } else { ... is valid, send email ... }` – shamsup May 06 '16 at 20:39
  • PHP does its validation anyway when you add an address. You don't have to do it again for yourself; you just have to handle the errors it generates. – Spudley May 06 '16 at 21:00
  • After adding the code above something like this 'skdfuhsdfsd' comes as an invalid email and it isn't sent. So will the code you linked to (http://stackoverflow.com/questions/2386544/error-handling-with-phpmailer/2386576#2386576) catch the invalid email errors? –  May 06 '16 at 21:06
1

You said that you could enter something like 'sdjfygsdfisdf' and still get the email sent to you.

That's odd. Because adding any email address ('to', 'cc', 'bcc', 'replyto') in PHPMailer will go through the addOrEnqueueAnAddress() function, which does include validation checks. Adding a 'from' address uses different code, but also does validation checks.

The most obvious thing here is that you're not actually doing any error checking to trap for those errors.

Depending on whether you've got PHPMailer using exceptions or not, you might just be getting a false value returned from functions like setFrom() when you give it a bad address. If you ignore that value and carry on anyway, then yes, the email will still be sent.

So you need to add some error handling. Check for function calls returning false.

However, my preferred suggestion would be to switch to using exceptions for your error handler -- PHPMailer can do this just by setting a flag. This will make error handling easier, as you won't need to check for false on every single function call; just wrap the whole thing in a try/catch block, and do your error handling in one go at the end.

Spudley
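The error handling described in the answer above, as an added example (not code from the original answers or from the PHPMailer project). It assumes PHPMailer 6.x installed via Composer; `buildContactMail`, the example.com addresses and the sample inputs are constructed for illustration.

```php
<?php
// Added example. Assumes PHPMailer 6.x (namespaced classes) via Composer.
require 'vendor/autoload.php';

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

/**
 * Hypothetical helper: build the contact-form mail or report why not.
 * Returns [PHPMailer|null, string|null].
 */
function buildContactMail(string $visitorEmail, string $body): array
{
    $mail = new PHPMailer(true);          // true = throw exceptions on errors
    try {
        // Constructed placeholder addresses for the site's own mailbox.
        $mail->setFrom('noreply@example.com', 'Contact form');
        $mail->addAddress('owner@example.com');
        // Visitor-supplied value: PHPMailer validates it and throws if invalid.
        $mail->addReplyTo($visitorEmail);
        $mail->Subject = 'Contact form message';
        $mail->Body    = $body;
        return [$mail, null];
    } catch (Exception $e) {
        return [null, $e->getMessage()];
    }
}

// Constructed sample inputs: a valid address, the question's string,
// and an address carrying an embedded line break.
$samples = ['alice@example.org', 'sdjfygsdfisdf', "a@example.org\r\nBcc: x@example.net"];
foreach ($samples as $input) {
    [$mail, $error] = buildContactMail($input, 'Hello');
    if ($mail === null) {
        echo 'rejected: ', json_encode($input), ' (', $error, ")\n";
        continue;                         // never reach send() for a bad address
    }
    echo 'accepted: ', json_encode($input), "\n";
    // $mail->send() would go here, inside its own try/catch.
}

// With exceptions off (the default) the same call returns false instead;
// ignoring that return value is how a bad address goes unnoticed.
$quiet = new PHPMailer();
if (!$quiet->addReplyTo('sdjfygsdfisdf')) {
    echo 'rejected without exceptions: ', $quiet->ErrorInfo, "\n";
}
```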