Email Validation

Hi, apologies for the two topics both covering various issues of my mail script. Just wanting to know why my script isn’t working. I’ve added an email validation but now not working…I’m guessing it has something to do with the if and else statements.

Any help greatly received.


<?php
error_reporting(0);
$email = "";
$msg_to_user = "";
if(isset($email) and $email=="email"){
if (!eregi("^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})$", $email)){
echo "<center>Invalid email</center>";}
else{
if ($_POST['email']!=""){
	include_once "connection.php";
	
	$email = $_POST['email'];
	
	$sql = mysql_query("SELECT * FROM addresses WHERE email='$email'");
	$numRows = mysql_num_rows($sql);
	
	if (!$email){
	$msg_to_user = '<div class="msg_to_user">Please type an email address.</div>';
	}
	
	else if ($numRows>0){
	$msg_to_user = '<div class="msg_to_user">'.$email.' is already in the system.</div>';
	}
	else {
	$sql_insert=mysql_query("INSERT INTO addresses (email, dateTime) 
	VALUES('$email',now())") or die (mysql_error());
	
	
	$msg_to_user='<div class="msg_to_user_success">You have been added successfully.</div>';	
	$email="";
	}
	}
	}
	}
?>


It can be a tricky issue, but the native filter extension in combination with the FILTER_VALIDATE_EMAIL flag should suffice.

:slight_smile:

as far as I can tell


error_reporting(0);
$email = "";
$msg_to_user = "";
if(isset($email) and $email=="email"){

will always evaluate to false.

btw - is this code the same as in your other thread?

Hey, yes this is the same code as my other thread - though this has the mysql_real_escape on it. So what do I need to do to try and rectify the issue? Thanks for your help, appreciated.

hmmmmm…:scratch:

no it’s not exactly the same.

in the other thread you have

 
<?php
 
error_reporting(0);
 
$email = "";
 
$msg_to_user = "";
 
if ($_POST['email']!=""){

which is the real code?

Hi Kalon, this is the real code, just copied it from my script. At the moment I don’t have any email verification - couldn’t get it to work. Any ideas on a good script to check the email address and how to implement it?

<?php
error_reporting(0);
include('tpl_includes/header.php');
$email = "";
$msg_to_user = "";
if ($_POST['email']!=""){
include_once "connection.php";

$email = mysql_real_escape_string($_POST['email']);

$sql = mysql_query("SELECT * FROM addresses WHERE email='$email'");
$numRows = mysql_num_rows($sql);

if (!$email){
$msg_to_user = '<div class="msg_to_user">Please type an email address.</div>';
}

else if ($numRows>0){
$msg_to_user = '<div class="msg_to_user">'.$email.' is already in the system.</div>';
}
else {
$sql_insert=mysql_query("INSERT INTO addresses (email, dateTime) 
VALUES('$email',now())") or die (mysql_error());


$msg_to_user='<div class="msg_to_user_success">You have been added successfully.</div>';
$email="";
}
}

?>


<?php
if(false !== filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
  #email is 'syntactically' valid
}
?>

Off Topic:

Anthony, best to use the filter_input() function (with INPUT_POST) as it is more difficult to taint. Thumbs up for suggesting the filter extension over a home-brewed regex. (:
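An added example, not code from any poster in this thread: the signup flow from the question with the filter-extension check in front of the database work, bound parameters instead of string-built SQL, and escaped output. The function name `subscribe`, the use of PDO, and the in-memory SQLite database standing in for connection.php are assumptions; the `addresses` table and the messages follow the original script.

```php
<?php
// Added example. Assumptions: PDO with the SQLite driver replaces the
// mysql_* calls and connection.php; subscribe() is a hypothetical name.

function subscribe(PDO $db, ?string $rawEmail): string
{
    $raw = trim((string) $rawEmail);
    if ($raw === '') {
        return '<div class="msg_to_user">Please type an email address.</div>';
    }

    // Syntactic check via the filter extension. In a web request,
    // filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL) reads the
    // submitted value directly instead of going through $_POST.
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return '<div class="msg_to_user">Invalid email</div>';
    }

    // Bound parameters keep the address out of the SQL text entirely.
    $check = $db->prepare('SELECT COUNT(*) FROM addresses WHERE email = :email');
    $check->execute([':email' => $email]);
    if ((int) $check->fetchColumn() > 0) {
        // Escape before echoing: a syntactically valid address can still
        // contain quote or ampersand characters.
        $safe = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
        return '<div class="msg_to_user">' . $safe . ' is already in the system.</div>';
    }

    $insert = $db->prepare('INSERT INTO addresses (email, dateTime) VALUES (:email, :now)');
    $insert->execute([':email' => $email, ':now' => date('Y-m-d H:i:s')]);
    return '<div class="msg_to_user_success">You have been added successfully.</div>';
}

// Constructed demo: in-memory database and sample inputs so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE addresses (email TEXT PRIMARY KEY, dateTime TEXT)');

foreach (['', 'not-an-address', "x' OR '1'='1", 'ff@there.com', 'ff@there.com'] as $input) {
    echo subscribe($db, $input), PHP_EOL;
}
```

The five constructed inputs exercise each branch in turn: empty, two rejected by the filter, one accepted, and one reported as already in the system.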

Thanks for the tip Salathe!

As always, it’s appreciated. :slight_smile:

Hi Antony, used your code example and it’s working beautifully. At least stops false email addresses entering database. Thanks a lot for your help.

New to this forum and amazed at the amount of help available, you all are very quick to respond. Was a member on another well-known forum and nowhere near as much help - often threads go unanswered. Really appreciate the help here.

FILTER_VALIDATE_EMAIL is inferior to a correctly implemented RFC-based solution that can also repair malformed e-mail addresses.

From: http://barebonescms.com/documentation/extra_components/

“MakeValidEmailAddress() - This function takes an input e-mail address of the form ‘local@domain’, parses it one character at a time using a state engine, cleans it up of common mistakes, and (optionally) validates that the resulting domain is valid. For example, “someone@hotmail,com” would become “someone@hotmail.com”. This function allows all non-obsolete address formats.”

E-mail validation/clean up is hard. A simple regex won’t cut it. The FILTER_VALIDATE_EMAIL PHP filter only passes 66% of Dominic Sayers’ test suite:

http://www.dominicsayers.com/isemail/

I’d use either my MakeValidEmailAddress() or Dominic Sayers’ isemail() functions over any other solution.

another option to validate email address formats

 
<?php
// Returns 0 if the address matches the common pattern, 1 if it matches only
// the pattern allowing rarer characters, 2 if it matches neither.
function isEmail($email) {
    $normalEmail = "/^[a-z0-9_\\+-]+(\\.[a-z0-9_\\+-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*\\.([a-z]{2,4})$/";
    $validButRareEmail = "/^[a-z0-9,!#\\$%&'\\*\\+\\?\\^_`\\{\\|}~-]+(\\.[a-z0-9,!#\\$%&'\\*\\+\\?\\^_`\\{\\|}~-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*\\.([a-z]{2,})$/";
 
    if (preg_match($normalEmail, $email)) {
        return 0;
    } else if (preg_match($validButRareEmail, $email)) {
        return 1;
    } else {
        return 2;
    }
}
 
//test function
 
$email = 'ff@there.com';
echo 'email status = '.isEmail($email);
 
?>

@Kalon - Doesn’t appear to handle: Unicode, addresses in quotes, IP addresses (both IPv4 and IPv6), intranet servers, comments, escaped characters, and domain checking via DNS. Is severely broken by allowing both bad recipients and bad labels through - domain labels cannot start nor end with a hyphen, labels are limited in length, and total length of an e-mail address is restricted.

Regexes are NOT a good solution. I once saw a ridiculous multi-page regex for e-mail address validation included in an O’Reilly book and then someone later analyzed it and found that it too was insufficient and non-RFC Standards compliant even though it is still the best attempt out there. To date, there is no single regex solution known to exist to correctly validate e-mail addresses. And no regex exists to repair broken e-mail addresses. IMO, the correct approach and only valid solution is to use a state engine.

In my years of experience, the only correct use I’ve ever seen for a regex is filtering, not validation. I have yet to see a single regex that is supposedly used for validation that doesn’t fail. I have never seen a regex intended as a filter fail and pass on bogus data that could then be used to compromise a system. preg_match() immediately sets off warning bells, preg_replace() does not.

Run your solution against the Dominic Sayers test suite.
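An added example, not code from any poster or from the libraries named in this thread: the structural limits listed in the post above (hyphen placement in domain labels, label length, overall length), checked with plain string functions. The function name and the octet limits (64 for the local part, 63 per label, 254 overall, per RFC 5321 and RFC 1035) are supplied here and do not appear in the thread; the constructed samples include forms that the character-class regex in isEmail() accepts.

```php
<?php
// Added example. Covers only the length and hyphen rules; it does not parse
// quoted local parts, comments, or domain literals such as [192.0.2.1].
// address_structure_problems() is a hypothetical name.

function address_structure_problems(string $email): array
{
    $at = strrpos($email, '@');
    if ($at === false || $at === 0 || $at === strlen($email) - 1) {
        return ['missing local part or domain'];
    }
    $local  = substr($email, 0, $at);
    $domain = substr($email, $at + 1);

    $problems = [];
    if (strlen($email) > 254) {
        $problems[] = 'address longer than 254 octets';
    }
    if (strlen($local) > 64) {
        $problems[] = 'local part longer than 64 octets';
    }
    foreach (explode('.', $domain) as $label) {
        if ($label === '') {
            $problems[] = 'empty domain label';
        } elseif (strlen($label) > 63) {
            $problems[] = 'domain label longer than 63 octets';
        } elseif ($label[0] === '-' || substr($label, -1) === '-') {
            $problems[] = "domain label '$label' starts or ends with a hyphen";
        }
    }
    return $problems;
}

// Constructed sample addresses, one per rule plus a clean one.
$samples = [
    'ff@there.com',
    'user@-example.com',
    'user@example-.com',
    'user@' . str_repeat('a', 64) . '.com',
    str_repeat('a', 65) . '@example.com',
];
foreach ($samples as $address) {
    $found = address_structure_problems($address);
    echo $address, ' => ', $found ? implode('; ', $found) : 'ok', PHP_EOL;
}
```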

fair enough :slight_smile:

but I’m not sure there is anything out there that can validate email address formats for every single combination possible.

I just need a KISS function that flags the vast majority of invalid formats. I do other validation and sanitisation of inputs before inserting them into the database.

For my registration purposes, if someone posts an invalid email address or even a valid format but the email address doesn’t exist, then they won’t get the “complete registration” email with a link in it they will need to click to confirm their email address and enable their new account in the database.

I’ll give you that. The Standards frequently conflict with each other. But sending bogus e-mails is not good practice - they have to bounce back somewhere. That consumes unnecessary resources and bandwidth.

yep :agree:, you can’t stop someone from entering a valid format email address that doesn’t physically exist and so no matter what method you use to check if it actually exists or not, if it doesn’t exist it’s going to bounce off a wall somewhere on the www