--- Jane Trimmer <[EMAIL PROTECTED]> wrote:
> Using the textbook 'PHP Web Development with Dreamweaver MX 2004' as a
> guide, I used these statements to validate email addresses:
> $pattern = '/^\w[-.\w]*@([-a-z0-9]+\.)+[a-z]{2,4}$/i';
> if (!preg_match($pattern,$yourEmail))................
>
> and strip-tags to validate other input.
>
> Is this sufficient?

It should be OK. However, the portion of the regular expression:

[a-z]{2,4}

is intended to allow a TLD (top-level domain) with a typical value of

com, net, org, edu, mil, gov, ...
us, ca, uk, jp, ...

It should work for most of the newer TLDs:

pro, aero, biz, info, name

since it allows 2, 3, or 4 characters after the dot. However, it will have
problems with the other "new" TLD:

museum

This is probably not a big issue.

On some systems I will also check the server name portion of the email to see
if it is a valid domain name. The gethostbyname() function will return the IP
if it can be resolved or the original name input if it cannot. This can be a
time-intensive process so it works best when there are relatively few emails to
check at a time.

I have also worked on systems where we checked the sendmail log to see what
sort of response code was given when a test email was sent. This made it
possible to see if the email was accepted. There are a variety of response
codes (4.0.0 is "accepted"; other values indicate a problem) defined for SMTP.

Your reg ex will work for the basic question: "does this input look like an
email address?"

Other areas of user input require different methods of validation.

For example, you should carefully scrutinize any time a user input is going to
affect the name of an include() or require() file or a function like exec(),
system(), or the backtick operator.

SQL statements can be susceptible to SQL injection where a value may be much
more than was expected.

This is a huge topic. You have to get into the mindset of the bad guys to see
how they might attempt to abuse your system.

James
_____
James D. Keeline
http://www.Keeline.com http://www.Keeline.com/articles
http://Stratemeyer.org http://www.Keeline.com/TSCollection
http://www.ITeachPHP.com -- Free Computer Classes: Linux, PHP, etc.
Fall Semester Begins Sep 7 -- New Classes Start Every Few Weeks.
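
The two checks discussed in the reply above (the quoted pattern, then the gethostbyname() domain check), as an added example that is not part of either message. The function names, the injectable resolver and the sample addresses are constructed for illustration; the stub resolver stands in for DNS so the script runs offline.

```php
<?php
// Added example; names and sample data are constructed, not from the thread.

// Pattern quoted in the thread: the TLD is limited to 2-4 letters.
const THREAD_PATTERN = '/^\w[-.\w]*@([-a-z0-9]+\.)+[a-z]{2,4}$/i';

// Syntax check only: "does this input look like an email address?"
function looks_like_email(string $email): bool
{
    return preg_match(THREAD_PATTERN, $email) === 1;
}

// Domain check as described in the thread: gethostbyname() returns the IP
// address on success and the unmodified name on failure.
// $resolver is injectable so the check can be exercised without network access.
function domain_resolves(string $email, ?callable $resolver = null): bool
{
    $at = strrpos($email, '@');
    if ($at === false) {
        return false;
    }
    $host = substr($email, $at + 1);
    $resolver = $resolver ?? 'gethostbyname';
    $result = $resolver($host);
    // A result equal to the input means the lookup failed.
    return $result !== $host && filter_var($result, FILTER_VALIDATE_IP) !== false;
}

// Constructed stand-in for DNS: knows one name and echoes anything else back
// unchanged, which is how gethostbyname() reports failure.
$stub = function (string $host): string {
    $known = ['example.com' => '192.0.2.10'];
    return $known[strtolower($host)] ?? $host;
};

// Constructed sample input. The .museum address fails the syntax check
// because of the {2,4} limit noted in the reply.
$samples = ['jane@example.com', 'curator@gallery.museum', 'jane@unknown.test', 'not an address'];
foreach ($samples as $email) {
    $syntax = looks_like_email($email);
    // Only spend a lookup on input that already passed the cheap check.
    $dns = $syntax && domain_resolves($email, $stub);
    printf("%-26s syntax=%-3s resolves=%s\n", $email, $syntax ? 'yes' : 'no', $dns ? 'yes' : 'no');
}
```

Calling domain_resolves() without the second argument uses the real gethostbyname(), with the lookup cost the reply mentions.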