I need a professional and reliable way of testing email addresses. I came across this Validate an E-Mail Address with PHP, the Right Way LJ article By Douglas Lovell, which [URL=“http://isemail.info/about”]Dominic Sayers criticizes the author of the article and his techniques. Since he seems to know what his is doing I took a stab as his approach, honestly I have no clue what the code means (I can barely make up the meaning of regexp’s), so I’m just going by instinct. I do need to know if it is reliable so I can use it with my live sites.
Does anyone know is is_email() is trustworthy and reliable, and better that other stuff out there.
Thanks!
Have you considered starting off by using the built-in PHP validate filters method to validate emails?
There are tons of different ways to do it, none of them help massively on a production site. You could use php’s function for ease but be careful when using other methods people have made as they may block real email addresses, for example those based on subdomains, or tld’s not in the script 
I’d say include a basic filter and send an account confirmation email to verify it.
One more thing to add to this already difficult task: in some countries non-ascii chars are already allowed in email addresses, for example ñoñó@server.com There are now also some internationalized domain names, which make it possible to have email @мир.рф
I think all of existing validators will regect such addresses, even though they are valid, at least at some countries.
What I have learned about validating email is that is the same if we don’t validate them.
I understand that there a php built in methods, the reason why I thought of using other methods is because I want to ensure the data flowing in my site is clean and safe.
I learned though Kevin Yank that using a “magic quotes” helper strips off php variables and gets them ready for database usage, but is this enough in this vulnerable environment to stop any malicious db injections.
Thank you
There are a couple of truths that still hold though:
Email addresses will not contain space characters.
Email addresses will not contain semicolons.
Email adressess will not contain quotation marks of any form.
Email addresses will contain exactly 1 @.
Those four facts should be enough to filter with. Not for validity, but for anti-nastiness.
I’ve tried many implementations over the years but currently I use this:
Remember, it’s better to accept 10% of invalid emails than refuse 1% of valid emails
If you want to be exact you need to follow the RFC: http://www.ietf.org/rfc/rfc2822.txt
None of these are true. The specification allows all of these characters as long as they’re escaped or quoted: RFC 3696 - Application Techniques for Checking and Transformation of Names
I learned that as well. The spaces and extra @ could be surrounded by quotes and that is valid. In the RFC original document is not stated correctly but then is found in the errata file. That I’ve thank to Dominic, he pointed it out.
Fine - So add to your filter an exception for the never-used Quoted Email Address.
By the RFC definition, then, Anything and everything is valid. You cant filter it without running a whole interpreter over it
Try using PHP’s preg_match function!
I think one mistake people make is try to overly validate email addresses. There are 2 situations where a user might type in a bogus address: 1) they misspelled it, and 2) they don’t want you to have their real email address.
To solve issue 1, the simplest is to have them type it twice and check that they match. For issue #2 you can do some basic checks to make sure the email address isn’t malformed, but a user can just as easily give you a bogus address that validates. So if it’s critical that you have an actual address then you need to send a verification email as sourcez stated above.
Not to mention just sticking “We will send a validation email to this address” on the form to discourage it 
That does absolutely nothing to prevent typos. When the email address is copied from the first field and pasted into the second it will still contain whatever typos it contained the first time.
No one will actually type in their email address twice as it serves no purpose whatever to do so. Most would have their email address saved somewhere so that they can paste it into the email field directly without having to type it in at all.
There is a regular expression that handled the full validation of an email address for everything it is allowed to contain according to the standard - I saw it listed in a book on regular expressions - it had several pages of the book used to specify the expression. I have never seen it actually used anywhere as it is far easier to simply send an email to the address and require a response. You need to get a response in any case in order to confirm that the email address belongs to the person who entered it - otherwise you have an email address that might be a valid but may not exist or even if it does exist does not belong to the person who entered it.
The filter that PHP provides should be sufficient to ensure that the value entered is a close enough match on being an actual email address to make it worthwhile trying to send an email to that address.
I think you would be incredibly surprised.
What - at how many people abandon filling out such a stupid form and go elsewhere? There are a huge number of people who actually do that when confronted with forms that make such stupid requests. If it weren’t that my browser fills in my email address for me automatically when I type in just ther first letter I know that I would never bother with such stupid forms.
I do agree that it is really surprising how many people actually type in their email address once rather than configuring their browser to do it for them.
I don’t mind you saying that my advice is “absolutely” wrong and “stupid” as long as you have some kind of data to back up your claim. I have first hand evidence (although anecdotal) that supports the advice that I gave - do you have anything beyond your single opinion and guess?
This is now becoming unrelated to the helping the OP with his query.
Some people type in everything, and others do what they can to avoid it. Arguing about this won’t be of much help.
Thanks for all of the advice, and everyone’s got a point. It would be a good idea to record at which point a user abandons a form (both types of forms). such results could help prove either point and end up benefiting the community in general.
I guess aI will continue to listen to experts and make my best sense out of it.