RE: [PHP] Re: Email Validation built-in? RFC
just to add my 0.02 worth to this conversation after throwing things at the wall regarding email verification/validation, i finally decided to cheat. i went with using the perl/cpan email function (can't recall right now) and created a wrapper around it. the perl function has been around alot longer than almost any other function that i could find, and it appeared to follow the rfc standard. but yeah, it would be nice/good if there was a verified/valid/accurate php email_valid function, as most of the ones that i found were really lacking... -bruce -Original Message- From: Robin Vickery [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 25, 2005 5:31 AM To: php-general@lists.php.net Subject: Re: [PHP] Re: Email Validation built-in? RFC On 10/25/05, Mark Charette [EMAIL PROTECTED] wrote: Ben Litton wrote: You could certainly write an extension to do so. That's what I did (mostly I was writing one for another purpose and added a function I stole from O'Reilly. As you stated in your article, it isn't rfc822 compliant (it isn't even close). Richard was pretty specific in his needs. Just in case anyone's inspired to read through the specs; It's RFC-2822 these days. RFC-822 is obsolete. -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Email Validation built-in? RFC
On 10/24/05, Manuel Lemos [EMAIL PROTECTED] wrote: on 10/23/2005 07:21 PM Robin Vickery said the following: ... would it not make sense for there to be a BUILT-IN PHP function of a TRUE email syntactic validation? I don't see that being much better than passing a good regular expression to preg_match. 1. Technically you can't write a regular expression that matches *all* valid email addresses as part of the address specification is recursive. ccontent = ctext / quoted-pair / comment comment = ( *([FWS] ccontent) [FWS] ) Admittedly 99.99% of people don't even know you *can* comment email addresses so it's not a huge problem... If I am not mistaken, PCRE supports recursive regular expressions. I'm afraid not. You can hack recursion in Perl with the (??{ }) postponed expression construct. But PCRE doesn't support it. Without recursion, the best you can do is decide on a reasonable depth of nested comments and hardcode that. Anyway, the way I got the RFC that is not quite the form of an address but the way it may be presented in message header. Meaning, you can add comments in To: or other e-mail header but in reality the comments are not part of the address. I'm not sure exactly what you mean here. It's true that comments don't affect how mail gets delivered, but they're very definitely part of the address and may well have a meaning to the recipient that you can't predict. They could be using it for anti-spam or to disinguish between users of a mailbox or... well, anything really. Which is the reason that RFC-2821 recommends that they be passed to the recipient unchanged. 2. Very few people seem to be capable of recognising a *good* regular expression, let alone writing one. It seems clear that validating an address is a task that many people want to do, but few can do properly. I'd say that's a good reason for making it a built-in function. Yes. What I meant is that just copying a good enough regular expression would be sufficient to use it. There is no need to understand it. I had a quick look through my email last night and found 14 different email validation regular expressions posted to this list in the last few months. All of them would falsely reject valid addresses even without taking comments into account. 6 of them wouldn't even allow judy.o'[EMAIL PROTECTED] and another 3 would reject mail from the entire .museum TLD. What that would indicate to me, is that many people can't even recognise what a good enough regular expression looks like. What I meant is that despite I use that regular expression for many years without complaints, it could be improved to reject only invalid characters, but of course that is not what that expression does. Possibly because those whose email addresses it rejected couldn't contact you to complain? :-) Actually, I have very little problem with your regexp - I'd like it to handle domain literals, as they can be useful in communicating with people with broken DNS. But that's about it. -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Email Validation built-in? RFC
On 10/25/05, Mark Charette [EMAIL PROTECTED] wrote: Ben Litton wrote: You could certainly write an extension to do so. That's what I did (mostly I was writing one for another purpose and added a function I stole from O'Reilly. As you stated in your article, it isn't rfc822 compliant (it isn't even close). Richard was pretty specific in his needs. Just in case anyone's inspired to read through the specs; It's RFC-2822 these days. RFC-822 is obsolete. -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Email Validation built-in? RFC
You could certainly write an extension to do so. That's what I did (mostly I was writing one for another purpose and added a function I stole from O'Reilly. You can find the C code I used here: http://www.oreillynet.com/pub/a/network/excerpt/spcookbook_chap03/index3.html. It's pretty clever (If you're used to doing things the PHP/regex way) and while I haven't benchmarked it, I'd imagine it is pretty fast. There are lots of php extension tutorials out there, but if you want me to wrap it for you I probably could. I'm sure though that the many php regex solutions out there are probably 'good enough' for your needs, and I haven't tested that C code on some of the stranger e-mail addresses out there in existance. Ben On Fri, 21 Oct 2005 22:58:38 -0400, Richard Lynch [EMAIL PROTECTED] wrote: Given: It is unacceptable to reject perfectly valid email addresses, no matter how arcane. [Like mine. :-)] The CORRECT RegEx for validating an email is 3 pages long, and performance in PHP would probably not be so good... In today's Security-conscious world, data validation is a requirement. The (relatively) recent changes in domain names that allow UTF (Unicode?) characters. Checking MX records is not reliable at all. Forcing users to respond to email is A) burdensome to real users in many cases, and B) no real barrier to halfway intelligent fake users. ... would it not make sense for there to be a BUILT-IN PHP function of a TRUE email syntactic validation? So at least one KNOWS that the email is a valid construct, before you even try (if you try at all) to make sure that a person actually checks it at least once in their life. Currently, email syntax validation is being done in very limited fashion, if not outright wrong by rejecting what actually ARE valid email addresses in about 10,000,000 PHP scripts by users who don't have any realistic options to truly do it right because who can really live with that 3-page Regex in their PHP code? Yes, in the past, I may have come down squarely on the opposite side of this topic, but I've changed my mind. I believe PHP needs a built-in syntactically CORRECT email validation function, vetted and tested by professionals, instead of the mess we now have. PLEASE do not point me to any existing email validation code unless you believe it is not only 100% correct and complete with RFC definitions of syntactically valid email. Not interested. I've already seen them, and been burned by them. -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Email Validation built-in? RFC
Hello, on 10/23/2005 07:21 PM Robin Vickery said the following: Checking MX records is not reliable at all. I agree that it is less useful today, but it still help catches many domain name typos. ... would it not make sense for there to be a BUILT-IN PHP function of a TRUE email syntactic validation? I don't see that being much better than passing a good regular expression to preg_match. 1. Technically you can't write a regular expression that matches *all* valid email addresses as part of the address specification is recursive. ccontent = ctext / quoted-pair / comment comment = ( *([FWS] ccontent) [FWS] ) Admittedly 99.99% of people don't even know you *can* comment email addresses so it's not a huge problem... If I am not mistaken, PCRE supports recursive regular expressions. Anyway, the way I got the RFC that is not quite the form of an address but the way it may be presented in message header. Meaning, you can add comments in To: or other e-mail header but in reality the comments are not part of the address. 2. Very few people seem to be capable of recognising a *good* regular expression, let alone writing one. It seems clear that validating an address is a task that many people want to do, but few can do properly. I'd say that's a good reason for making it a built-in function. Yes. What I meant is that just copying a good enough regular expression would be sufficient to use it. There is no need to understand it. For many years I use this regular expression in popular email validation and forms generation and validation classes. Rather than accepting only valid characters, it rejects all invalid characters as specified in the RFC. ^([-!#$%'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#$%'*+/0-9=?A-Z^_`a-z{|}~]+\\.)+[a-zA-Z]{2,6}$ I'm sorry, but this regular expression rejects many perfectly valid ASCII characters. It seems to take into account only dot-atoms, not quoted-strings. It also rejects valid addresses using domain-literals. You are right of course. What I wrote is not what I meant. I fixed the sentence later but I did not realize that the message had already been sent. What I meant is that despite I use that regular expression for many years without complaints, it could be improved to reject only invalid characters, but of course that is not what that expression does. -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Email Validation built-in? RFC
Ben Litton wrote: You could certainly write an extension to do so. That's what I did (mostly I was writing one for another purpose and added a function I stole from O'Reilly. As you stated in your article, it isn't rfc822 compliant (it isn't even close). Richard was pretty specific in his needs. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Email Validation built-in? RFC
On 10/23/05, Manuel Lemos [EMAIL PROTECTED] wrote: Hello, on 10/22/2005 12:58 AM Richard Lynch said the following: Checking MX records is not reliable at all. I agree that it is less useful today, but it still help catches many domain name typos. ... would it not make sense for there to be a BUILT-IN PHP function of a TRUE email syntactic validation? I don't see that being much better than passing a good regular expression to preg_match. 1. Technically you can't write a regular expression that matches *all* valid email addresses as part of the address specification is recursive. ccontent = ctext / quoted-pair / comment comment = ( *([FWS] ccontent) [FWS] ) Admittedly 99.99% of people don't even know you *can* comment email addresses so it's not a huge problem... 2. Very few people seem to be capable of recognising a *good* regular expression, let alone writing one. It seems clear that validating an address is a task that many people want to do, but few can do properly. I'd say that's a good reason for making it a built-in function. For many years I use this regular expression in popular email validation and forms generation and validation classes. Rather than accepting only valid characters, it rejects all invalid characters as specified in the RFC. ^([-!#$%'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#$%'*+/0-9=?A-Z^_`a-z{|}~]+\\.)+[a-zA-Z]{2,6}$ I'm sorry, but this regular expression rejects many perfectly valid ASCII characters. It seems to take into account only dot-atoms, not quoted-strings. It also rejects valid addresses using domain-literals. -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Email Validation built-in? RFC
It would be nice to have a php function valid_email or something but until then i suppose we just make do with what is available, for what I need I use the following:- eregi(^[a-z0-9]+([_\\.-][a-z0-9]+)* .@.([a-z0-9]+([\.-][a-z0-9]+)*)+.\\.[a-z]{2,}.$,$email) Ive never had problems with it but have up to now no need for multilanguage validation. What is wrong with that validation anyway? Richard Lynch wrote: Given: It is unacceptable to reject perfectly valid email addresses, no matter how arcane. [Like mine. :-)] The CORRECT RegEx for validating an email is 3 pages long, and performance in PHP would probably not be so good... In today's Security-conscious world, data validation is a requirement. The (relatively) recent changes in domain names that allow UTF (Unicode?) characters. Checking MX records is not reliable at all. Forcing users to respond to email is A) burdensome to real users in many cases, and B) no real barrier to halfway intelligent fake users. ... would it not make sense for there to be a BUILT-IN PHP function of a TRUE email syntactic validation? So at least one KNOWS that the email is a valid construct, before you even try (if you try at all) to make sure that a person actually checks it at least once in their life. Currently, email syntax validation is being done in very limited fashion, if not outright wrong by rejecting what actually ARE valid email addresses in about 10,000,000 PHP scripts by users who don't have any realistic options to truly do it right because who can really live with that 3-page Regex in their PHP code? Yes, in the past, I may have come down squarely on the opposite side of this topic, but I've changed my mind. I believe PHP needs a built-in syntactically CORRECT email validation function, vetted and tested by professionals, instead of the mess we now have. PLEASE do not point me to any existing email validation code unless you believe it is not only 100% correct and complete with RFC definitions of syntactically valid email. Not interested. I've already seen them, and been burned by them. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Email Validation built-in? RFC
On Sat, October 22, 2005 2:32 pm, James Benson wrote: It would be nice to have a php function valid_email or something but until then i suppose we just make do with what is available, for what I need I use the following:- eregi(^[a-z0-9]+([_\\.-][a-z0-9]+)* .@.([a-z0-9]+([\.-][a-z0-9]+)*)+.\\.[a-z]{2,}.$,$email) Ive never had problems with it but have up to now no need for multilanguage validation. What is wrong with that validation anyway? If you are lucky, it does not reject any valid emails. For sure, however, it is not the 3-page 'correct' validation and therefore must accept at least SOME invalid emails... Almost for sure, it doesn't accept the new-fangled international emails. Presumably, if a built-in PHP function did this, changing it in one place would make everybody's code work right for this monumental change... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Email Validation built-in? RFC
Hello, on 10/22/2005 12:58 AM Richard Lynch said the following: Checking MX records is not reliable at all. I agree that it is less useful today, but it still help catches many domain name typos. ... would it not make sense for there to be a BUILT-IN PHP function of a TRUE email syntactic validation? I don't see that being much better than passing a good regular expression to preg_match. Currently, email syntax validation is being done in very limited fashion, if not outright wrong by rejecting what actually ARE valid email addresses in about 10,000,000 PHP scripts by users who don't have any realistic options to truly do it right because who can really live with that 3-page Regex in their PHP code? For many years I use this regular expression in popular email validation and forms generation and validation classes. http://www.phpclasses.org/formsgeneration http://www.phpclasses.org/emailvalidation Rather than accepting only valid characters, it rejects all invalid characters as specified in the RFC. ^([-!#$%'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#$%'*+/0-9=?A-Z^_`a-z{|}~]+\\.)+[a-zA-Z]{2,6}$ I think it could be enhanced to reject all invalid characters as specified in the RFC instead of accepting only the valid ASCII characters. It would be just a matter of changing a variable in both the classes above. Other than using that expression in PHP, the forms class can do the same in Javascript to reduce server round trip to check the email format. The email validation class can perform subsequent validation of DNS records and simulate delivery to see if the remote SMTP server would accept. It returns 3 kinds of results: Yes, no, maybe (not possible to determine for sure). It is even capable to distinguish a real rejection from a whitelist temporary rejection. -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation (no regex)
J B wrote: On 9/21/05, Michael Sims [EMAIL PROTECTED] wrote: Additionally, some mail servers unconditionally accept mail addressed to ANY username at their domain, whether that user actually exists or not. This is very bad practice, because it usually means the accepting MTA is a dumb host that has to forward all incoming mail to an internal mail server which knows which accounts exist, and if that server ends up rejecting the message, the dumb MTA creates a DSN and sends it back to the envelope sender (which is quite often forged). This causes the so-called backscatter which results in innocent people getting bounces for messages they didn't send. Nevertheless, lots of mail servers are configured this way, so you cannot simply assume that an account is real just because you didn't get a 5xx on RCPT TO. Just as a side note, and I do agree that this behaviour is bad practice in principle, but I imagine they (the MTAs) do this for the same reason that login prompts don't tell you when you enter a bogus username and still prompt for the password and give a generic access denied error...it prevents username fishing. There probably are a few people who accept mail to any address at their domain to foil dictionary attacks, but IMHO the vast majority of servers that are set up this way are due to mail admins who just don't know any better. It's not always easy to set up a border MTA so that it knows about the accounts that exist on an internal machine...it usually involves custom scripting or real-time callouts to the internal server and it takes a relatively knowledgeable admin to implement it (at least that has been my experience). I had someone else email me privately saying that they did the above precisely to foil dictionary attacks, but this person configured his server to simply discard email to nonexistent accounts. That has it's disadvantages (since it could make legit senders believe their messages are being delivered when they aren't) but it least it doesn't create any backscatter. In the default case, accepting all email unconditionally then later rejecting it is just irresponsible, since it makes you a vector for abuse, and could eventually get you blacklisted if other mail servers get sick of receiving bogus bounces from your domain... (As a side note, apparently the list software doesn't like the offtopic nature of this sub-thread (I just received a 550 on this message), so this will be my last post on the matter. But since I've gone to the trouble of typing it up let me throw in the words PHP, web, and Apache, so this will make it through. :) ) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: email validation (no regex)
Jim Moseby wrote: I threw together this totally untested and unreliable code to solicit comments on whether or not this is a good way to validate emails. Consider the following: pseudocode function validate_email($email){ if (str_word_count($email,'@')!=1){return('Not a proper email address');} $parts=explode('@',$email); $name=$parts[0]; $domain=$parts[1]; $mxconnect=FALSE; if (!getmxrr($domain,$mxhosts)){ return('Invalid domain'); }//if foreach($mxhosts as $mxhost){ if($fp=fsockopen($mxhost,25)){ $mxconnect=TRUE; fwrite($fp,EHLO test); $response=fread($fp,256); fwrite($fp, Mail From: [EMAIL PROTECTED].chr(13)); $response=fread($fp,256); fwrite($fp, 'RCPT To: '.$email.chr(13)); $response=fread($fp,256); $parts=explode(' ',$response); if ($parts[0]!='250'){ fwrite($fp,'QUIT'.chr(13)); fclose($fp); return('Unknown Recipient'); }//if }//if }//foreach if (!$mxconnect){return('Could not connect to MX');} fwrite($fp,'QUIT'.chr(13)); fclose($fp); return('OK'); }//function validate_email /pseudocode So, what is the general thought about validating email addresses in this manner? JM Thre is a good reason why virtually everyone uses regex patterns for email validating. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation (no regex)
So, what is the general thought about validating email addresses in this manner? JM Thre is a good reason why virtually everyone uses regex patterns for email validating. Excellent start! And that good reason is...? How can regex ensure that the email address that is submitted is a valid (ie working, able to receive email) address? Why is regex a better way? JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation (no regex)
jim... validating email means different things to different people... but there's no way you're going to be able to 'throw' together something in 2-3 days that others have taken years to create/refine... if you only want to determine if an email address is valid, what does that mean to you? are you following the current/latest rfc 2822 (i think) standard? or are you just trying to get a quick halfway ok function... as an example, i was looking at a way of using a regex/function for email validation for a user input form... i decided that it was simply too tough to deal with the various nuances, and chickened out, using a combination perl/php approach... but you could do what you want to do. however, it's going to be painful if you want it to match the rfc spec... good luck... -bruce ps. take a look at perl's email::valid function if you want to get a feel for how extensive this task can get... -Original Message- From: Jim Moseby [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 21, 2005 11:01 AM To: 'Al'; php-general@lists.php.net Subject: RE: [PHP] Re: email validation (no regex) So, what is the general thought about validating email addresses in this manner? JM Thre is a good reason why virtually everyone uses regex patterns for email validating. Excellent start! And that good reason is...? How can regex ensure that the email address that is submitted is a valid (ie working, able to receive email) address? Why is regex a better way? JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: email validation (no regex)
Jim Moseby said the following on 09/21/05 11:00: So, what is the general thought about validating email addresses in this manner? JM Thre is a good reason why virtually everyone uses regex patterns for email validating. Excellent start! And that good reason is...? How can regex ensure that the email address that is submitted is a valid (ie working, able to receive email) address? Why is regex a better way? Personally I would go for a combination. Regex is much faster so if you can eliminate fake addresses with regex you won't have to waste your time attempting to look up MX records or connect to mail servers that don't exist. My apologies for the line wrapping, but the following is a slightly modified function I found online and have been using for a while. It doesn't actually connect to the remote server and try sending to the address provided like your function does, it merely checks for a valid MX for the domain. The extra time spent attempting a fake send to an address was deemed not worth the bother as some mail servers (especially qmail) do not, by default or without patching, block messages from being sent to non-existant email addresses. Instead the message is accepted and bounced. Your method will not detect this. - Ben function isValidEmail($address, $checkMX = false) { // Return true or false depending on whether the email address is valid $valid_tlds = array(arpa, biz, com, edu, gov, int, mil, net, org, aero, ad, ae, af, ag, ai, al, am, an, ao, aq, ar, as, at, au, aw, az, ba, bb, bd, be, bf, bg, bh, bi, bj, bm, bn, bo, br, bs, bt, bv, bw, by, bz, ca, cc, cf, cd, cg, ch, ci, ck, cl, cm, cn, co, cr, cs, cu, cv, cx, cy, cz, de, dj, dk, dm, do, dz, ec, ee, eg, eh, er, es, et, fi, fj, fk, fm, fo, fr, fx, ga, gb, gd, ge, gf, gh, gi, gl, gm, gn, gp, gq, gr, gs, gt, gu, gw, gy, hk, hm, hn, hr, ht, hu, id, ie, il, in, io, iq, ir, is, it, jm, jo, jp, ke, kg, kh, ki, km, kn, kp, kr, kw, ky, kz, la, lb, lc, li, lk, lr, ls, lt, lu, lv, ly, ma, mc, md, mg, mh, mk, ml, mm, mn, mo, mp, mq, mr, ms, mt, mu, mv, mw, mx, my, mz, na, nc, ne, nf, ng, ni, nl, no, np, nr, nt, nu, nz, om, pa, pe, pf, pg, ph, pk, pl, pm, pn, pr, pt, pw, py, qa, re, ro, ru, rw, sa, sb, sc, sd, se, sg, sh, si, sj, sk, sl, sm, sn, so, sr, st, su, sv, sy, sz, tc, td, tf, tg, th, tj, tk, tm, tn, to, tp, tr, tt, tv, tw, tz, ua, ug, uk, um, us, uy, uz, va, vc, ve, vg, vi, vn, vu, wf, ws, ye, yt, yu, za, zm, zr, zw, coop, info, museum, name, pro); // Rough email address validation using POSIX-style regular expressions if (!eregi([EMAIL PROTECTED],}\.[a-z0-9\-\.]{2,}$, $address)) { return false; } else { $address = strtolower($address); } // Explode the address on name and domain parts $name_domain = explode(@, $address); // There can be only one ;-) I mean... the @ symbol if (count($name_domain) != 2) // There can be only one ;-) I mean... the @ symbol if (count($name_domain) != 2) return false; // Check the domain parts $domain_parts = explode(., $name_domain[1]); if (count($domain_parts) 2) return false; // Check the TLD ($domain_parts[count($domain_parts) - 1]) if (!in_array($domain_parts[count($domain_parts) - 1], $valid_tlds)) return false; // Search DNS for MX records corresponding to the hostname ($name_domain[0]) if ($checkMX !getmxrr($name_domain[1], $mxhosts)) return false; return true; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation (no regex)
jim... validating email means different things to different people... True, but for the most part people just want to know whether a user has entered a real working email address into their forms. What better test than to try to send an email to it? but there's no way you're going to be able to 'throw' together something in 2-3 days that others have taken years to create/refine... I threw the example I posted together in about 10 minutes (and it shows :). Even though I'm not at a place where I can test it right now, I think it will work with some tweaking. if you only want to determine if an email address is valid, what does that mean to you? are you following the current/latest rfc 2822 (i think) standard? or are you just trying to get a quick halfway ok function... Of course the SMTP standard would have to be followed, I typed what you see from memory, just as a conceptual model. as an example, i was looking at a way of using a regex/function for email validation for a user input form... i decided that it was simply too tough to deal with the various nuances, and chickened out, using a combination perl/php approach... So what do you get from them that my function would not give you? but you could do what you want to do. however, it's going to be painful if you want it to match the rfc spec... Really? Why does it need to be painful? I just need to do a 'EHLO', 'Mail From:' and 'RCPT to:' and 'QUIT'. It's not going to actually send an email. Seems simple to me. Maybe there's something else in the spec that I don't see? good luck... Thanks. :o) ps. take a look at perl's email::valid function if you want to get a feel for how extensive this task can get... My question is why does it have to be so complicated? SMTP servers are the best email validation devices known to man. Why not let them do the dirty work? JM -- playing devils advocate :o) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: email validation (no regex)
Hello, on 09/21/2005 02:49 PM Jim Moseby said the following: I threw together this totally untested and unreliable code to solicit comments on whether or not this is a good way to validate emails. Consider the following: So, what is the general thought about validating email addresses in this manner? This may work but your code has several problems like not handling long lines, multiline SMTP responses and grey listing. That may cause your code to break with some SMTP servers or give false negatives. Instead of re-inventing the wheel, you may want to try this popular class for validation of e-mail addresses that can check the destination SMTP server but it handles correctly the problems I mentioned above: http://www.phpclasses.org/emailvalidation -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
FW: [PHP] Re: email validation (no regex)
(Forwarding private reply to the list) -Original Message- From: Al Rider Sent: Wednesday, September 21, 2005 2:19 PM To: Jim Moseby Subject: Re: [PHP] Re: email validation (no regex) What you have is virtually impossible to determine if all legitimate possibilities are covered. email validation using regex is a very heavily analyzed subject Google regex email validate and you'll find loads of expressions. Look at the Zend article, it provides some insight. I fully understand about the almost limitless possibilities. Googling the subject returns results more mind boggling than the regex itself. :o) Do ANY of the regex examples you have found cover all those possibilities? If so, why are there so many different approaches? For most applications, where you will only be validating a small number of emails in a given day, why put yourself to all the regex pain, still to not have covered all the possibilities? In the end, with regards to email validation, all most people need is to know that a given email has a proper username, just 1 '@' in the middle, and a valid domain. If it doesn't, its a bogus email address. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation (no regex)
What you have is virtually impossible to determine if all legitimate possibilities are covered. email validation using regex is a very heavily analyzed subject Google regex email validate and you'll find loads of expressions. Look at the Zend article, it provides some insight. I fully understand about the almost limitless possibilities. Googling the subject returns results more mind boggling than the regex itself. :o) Do ANY of the regex examples you have found cover all those possibilities? If so, why are there so many different approaches? For most applications, where you will only be validating a small number of emails in a given day, why put yourself to all the regex pain, still to not have covered all the possibilities? In the end, with regards to email validation, all most people need is to know that a given email has a proper username, just 1 '@' in the middle, and a valid domain. If it doesn't, its a bogus email address. As to that, why not validate the email address by sending an automated message to the supplied account, requiring the person to click on a validation link? Easy, simple, works better than either method currently being discussed, purely for its simplicity, if nothing else. Much warmth, Murray --- Lost in thought... http://www.planetthoughtful.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation (no regex)
because you should want/need to validate that the address is correct prior to determining if the email server is up running... the regex function simply allows you to quickly determine if the address is valid... doens't mean that it's going to go to an actual live user...!! btw simply checking for a single '@' with a domain doesn't do it... what if the user has '[EMAIL PROTECTED]' or '[EMAIL PROTECTED]'. will your regex accept/deny this??? welcome to the world of email validation -bruce -Original Message- From: Murray @ PlanetThoughtful [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 21, 2005 12:01 PM To: 'Jim Moseby'; php-general@lists.php.net Subject: RE: [PHP] Re: email validation (no regex) What you have is virtually impossible to determine if all legitimate possibilities are covered. email validation using regex is a very heavily analyzed subject Google regex email validate and you'll find loads of expressions. Look at the Zend article, it provides some insight. I fully understand about the almost limitless possibilities. Googling the subject returns results more mind boggling than the regex itself. :o) Do ANY of the regex examples you have found cover all those possibilities? If so, why are there so many different approaches? For most applications, where you will only be validating a small number of emails in a given day, why put yourself to all the regex pain, still to not have covered all the possibilities? In the end, with regards to email validation, all most people need is to know that a given email has a proper username, just 1 '@' in the middle, and a valid domain. If it doesn't, its a bogus email address. As to that, why not validate the email address by sending an automated message to the supplied account, requiring the person to click on a validation link? Easy, simple, works better than either method currently being discussed, purely for its simplicity, if nothing else. Much warmth, Murray --- Lost in thought... http://www.planetthoughtful.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation (no regex)
because you should want/need to validate that the address is correct prior to determining if the email server is up running... the regex function simply allows you to quickly determine if the address is valid... doens't mean that it's going to go to an actual live user...!! btw simply checking for a single '@' with a domain doesn't do it... what if the user has '[EMAIL PROTECTED]' or '[EMAIL PROTECTED]'. will your regex accept/deny this??? welcome to the world of email validation -bruce As to that, why not validate the email address by sending an automated message to the supplied account, requiring the person to click on a validation link? Easy, simple, works better than either method currently being discussed, purely for its simplicity, if nothing else. I agree, so basic validation is A Good Thing. However, the most desirable form of validation would have to be, can I send a legitimate email to that account and receive acknowledgement that it's working by having the user click on a validation link. Much warmth, Murray --- Lost in thought... http://www.planetthoughtful.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation (no regex)
btw simply checking for a single '@' with a domain doesn't do it... what if the user has '[EMAIL PROTECTED]' or '[EMAIL PROTECTED]'. will your regex accept/deny this??? My function will quickly deny those because the DNS lookup for them will immediately fail. Will your regex deny '[EMAIL PROTECTED]'? Should it? welcome to the world of email validation That's your world. Mine is much simpler. :o) Seriously, I think Ben and Manuel have it right. A combination approach is probably most effective (and complex). I was hoping for a simple solution for the regex challenged. Of course the old tried and true validation email that requires the user to validate himself is the most fool-proof method, but thats not an on-the-fly solution. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation (no regex)
because you should want/need to validate that the address is correct prior to determining if the email server is up running... the regex function simply allows you to quickly determine if the address is valid... doens't mean that it's going to go to an actual live user...!! btw simply checking for a single '@' with a domain doesn't do it... what if the user has '[EMAIL PROTECTED]' or '[EMAIL PROTECTED]'. will your regex accept/deny this??? welcome to the world of email validation -bruce As to that, why not validate the email address by sending an automated message to the supplied account, requiring the person to click on a validation link? Easy, simple, works better than either method currently being discussed, purely for its simplicity, if nothing else. I agree, so basic validation is A Good Thing. However, the most desirable form of validation would have to be, can I send a legitimate email to that account and receive acknowledgement that it's working by having the user click on a validation link. After all, for all the regex / interrogation you perform, you still can't be certain that the user entered an account *they own*. See? Sending a validation email is *also* A Good Thing! Much warmth, Murray --- Lost in thought... http://www.planetthoughtful.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation (no regex)
but you could do what you want to do. however, it's going to be painful if you want it to match the rfc spec... Really? Why does it need to be painful? I just need to do a 'EHLO', 'Mail From:' and 'RCPT to:' and 'QUIT'. It's not going to actually send an email. Seems simple to me. Maybe there's something else in the spec that I don't see? Some mail servers can be configured to not reject the email until the end of DATA. I know you can do this in postfix. Although if the user is invalid, why you'd wait I don't know, but it is possible. -philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation (no regex)
Philip Hallstrom wrote: but you could do what you want to do. however, it's going to be painful if you want it to match the rfc spec... Really? Why does it need to be painful? I just need to do a 'EHLO', 'Mail From:' and 'RCPT to:' and 'QUIT'. It's not going to actually send an email. Seems simple to me. Maybe there's something else in the spec that I don't see? Some mail servers can be configured to not reject the email until the end of DATA. I know you can do this in postfix. Although if the user is invalid, why you'd wait I don't know, but it is possible. Additionally, some mail servers unconditionally accept mail addressed to ANY username at their domain, whether that user actually exists or not. This is very bad practice, because it usually means the accepting MTA is a dumb host that has to forward all incoming mail to an internal mail server which knows which accounts exist, and if that server ends up rejecting the message, the dumb MTA creates a DSN and sends it back to the envelope sender (which is quite often forged). This causes the so-called backscatter which results in innocent people getting bounces for messages they didn't send. Nevertheless, lots of mail servers are configured this way, so you cannot simply assume that an account is real just because you didn't get a 5xx on RCPT TO. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation (no regex)
-Original Message- From: Jim Moseby [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 21, 2005 12:21 PM To: php-general@lists.php.net Subject: RE: [PHP] Re: email validation (no regex) btw simply checking for a single '@' with a domain doesn't do it... what if the user has '[EMAIL PROTECTED]' or '[EMAIL PROTECTED]'. will your regex accept/deny this??? My function will quickly deny those because the DNS lookup for them will immediately fail. Will your regex deny '[EMAIL PROTECTED]'? Should it? welcome to the world of email validation That's your world. Mine is much simpler. :o) Seriously, I think Ben and Manuel have it right. A combination approach is probably most effective (and complex). I was hoping for a simple solution for the regex challenged. Of course the old tried and true validation email that requires the user to validate himself is the most fool-proof method, but thats not an on-the-fly solution. jim... these are valid emails... as defined by the rfc.. so your function would be in error.. This is where I think you and I are not connecting. I don't care if they are valid according to the RFC. I want to know if they are likely to be *WORKING* email addresses. And so, from that perspective, my function would not necessarily be in error, but working as designed. Others have brought up truly valid points with regards to the reliability of it though. Different quirks of MTA configuration and function are difficult to overcome. I have learned you cannot rely on 'RCPT To:' responding with a '250' as verification that it is a valid user. I have learned that a domain need not have an MX record at all, to receive mail. Learning is why I'm here, and why I posted this question. Thank you for your input. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: email validation (no regex)
On 9/21/05, Michael Sims [EMAIL PROTECTED] wrote: Additionally, some mail servers unconditionally accept mail addressed to ANY username at their domain, whether that user actually exists or not. This is very bad practice, because it usually means the accepting MTA is a dumb host that has to forward all incoming mail to an internal mail server which knows which accounts exist, and if that server ends up rejecting the message, the dumb MTA creates a DSN and sends it back to the envelope sender (which is quite often forged). This causes the so-called backscatter which results in innocent people getting bounces for messages they didn't send. Nevertheless, lots of mail servers are configured this way, so you cannot simply assume that an account is real just because you didn't get a 5xx on RCPT TO. Just as a side note, and I do agree that this behaviour is bad practice in principle, but I imagine they (the MTAs) do this for the same reason that login prompts don't tell you when you enter a bogus username and still prompt for the password and give a generic access denied error...it prevents username fishing. Of course, I would think that a better solution would be to do immediate rejection and then block the remote IP after X send attempts with invalid usernames, but maybe there's a compelling reason not to do that and I just haven't thought of it... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: email validation (no regex)
J B wrote: On 9/21/05, Michael Sims [EMAIL PROTECTED] wrote: Additionally, some mail servers unconditionally accept mail addressed to ANY username at their domain, whether that user actually exists or not. This is very bad practice, because it usually means the accepting MTA is a dumb host that has to forward all incoming mail to an internal mail server which knows which accounts exist, and if that server ends up rejecting the message, the dumb MTA creates a DSN and sends it back to the envelope sender (which is quite often forged). This causes the so-called backscatter which results in innocent people getting bounces for messages they didn't send. Nevertheless, lots of mail servers are configured this way, so you cannot simply assume that an account is real just because you didn't get a 5xx on RCPT TO. Just as a side note, and I do agree that this behaviour is bad practice in principle, but I imagine they (the MTAs) do this for the same reason that login prompts don't tell you when you enter a bogus username and still prompt for the password and give a generic access denied error...it prevents username fishing. Of course, I would think that a better solution would be to do immediate rejection and then block the remote IP after X send attempts with invalid usernames, but maybe there's a compelling reason not to do that and I just haven't thought of it... If someone else on my ISP tries to username fish and gets my ISP's MTA's IP blocked by any other MTA, I'd sure be pissed off about it. That's probably the reason why they don't block remote IPs after X invalid username send attempts -- MTAs are often shared by many, many users. -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation regex
i tried that one... it doesn't do as well as the perl... Email::Valid mod... i decided to write a quick perl script, and call it from the php app... seems to satisfy my needs for now... i haven't run across any php script/regex that's as comprehensive as the perl Email::Valid -bruce -Original Message- From: Robert Paul [mailto:[EMAIL PROTECTED] Sent: Friday, September 16, 2005 7:13 PM To: php-general@lists.php.net Subject: [PHP] Re: email validation regex http://www.iamcal.com/publish/articles/php/parsing_email/ The author goes through RFC822 in detail and writes up a regex that validates emails based on that. It's worked in my experience, but I havn't exactly put it through its paces. --Rob bruce wrote: hi.. looking for a good/working/tested php email validation regex that conforms to the rfc2822 standard. a lot of what i've seen from google breaks, or doesn't follow the standard! any ideas/thoughts/sample code/etc... thanks -bruce [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: email validation regex
Well what does the aforementioned regex seem to miss that Email::Valid catches? --Rob bruce wrote: i tried that one... it doesn't do as well as the perl... Email::Valid mod... i decided to write a quick perl script, and call it from the php app... seems to satisfy my needs for now... i haven't run across any php script/regex that's as comprehensive as the perl Email::Valid -bruce -Original Message- From: Robert Paul [mailto:[EMAIL PROTECTED] Sent: Friday, September 16, 2005 7:13 PM To: php-general@lists.php.net Subject: [PHP] Re: email validation regex http://www.iamcal.com/publish/articles/php/parsing_email/ The author goes through RFC822 in detail and writes up a regex that validates emails based on that. It's worked in my experience, but I havn't exactly put it through its paces. --Rob bruce wrote: hi.. looking for a good/working/tested php email validation regex that conforms to the rfc2822 standard. a lot of what i've seen from google breaks, or doesn't follow the standard! any ideas/thoughts/sample code/etc... thanks -bruce [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: email validation regex
for one... as i recall... email::valid picks up the fact that [EMAIL PROTECTED] is not valid email::valid also permits you to have ip addresses in the domain section email::valid also has in my mind a better grasp of the valid/invalid chars for the username portion... you mileage may vary.. -bruce -Original Message- From: Robert Paul [mailto:[EMAIL PROTECTED] Sent: Saturday, September 17, 2005 8:06 PM To: php-general@lists.php.net Subject: Re: [PHP] Re: email validation regex Well what does the aforementioned regex seem to miss that Email::Valid catches? --Rob bruce wrote: i tried that one... it doesn't do as well as the perl... Email::Valid mod... i decided to write a quick perl script, and call it from the php app... seems to satisfy my needs for now... i haven't run across any php script/regex that's as comprehensive as the perl Email::Valid -bruce -Original Message- From: Robert Paul [mailto:[EMAIL PROTECTED] Sent: Friday, September 16, 2005 7:13 PM To: php-general@lists.php.net Subject: [PHP] Re: email validation regex http://www.iamcal.com/publish/articles/php/parsing_email/ The author goes through RFC822 in detail and writes up a regex that validates emails based on that. It's worked in my experience, but I havn't exactly put it through its paces. --Rob bruce wrote: hi.. looking for a good/working/tested php email validation regex that conforms to the rfc2822 standard. a lot of what i've seen from google breaks, or doesn't follow the standard! any ideas/thoughts/sample code/etc... thanks -bruce [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: email validation regex
http://www.iamcal.com/publish/articles/php/parsing_email/ The author goes through RFC822 in detail and writes up a regex that validates emails based on that. It's worked in my experience, but I havn't exactly put it through its paces. --Rob bruce wrote: hi.. looking for a good/working/tested php email validation regex that conforms to the rfc2822 standard. a lot of what i've seen from google breaks, or doesn't follow the standard! any ideas/thoughts/sample code/etc... thanks -bruce [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Email validation
Hello, On 06/14/2002 03:06 AM, Miguel Cruz wrote: On Fri, 14 Jun 2002, Manuel Lemos wrote: The following classes use this validation regular expression string. It does not exclude some invalid addresses but includes all valid addresses. ^([-!#\$%'*+./0-9=?A-Z^_`a-z{|}~?])+@([-!#\$%'*+/0-9=?A-Z^_`a-z{|}~?]+\\.)+[a-zA-Z]{2,4}\$ It doesn't, as far as I can tell, allow this valid address: [EMAIL PROTECTED] I never heard of TLD with more than 4 characters. Is this recent? This classes that I mentioned with this regular expression are used by more than 10.000 users. If this was a problem already, I should have learned. So, I assume TLDs like this are recent. And what's with all the nonsense characters in the domain name portion? Only letters, numbers, hyphen, and period are allowed after the @ sign. I just followed the BNF of the RFC to figure which characters would eventually be valid. At least it does not exclude valid characters. -- Regards, Manuel Lemos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Email validation
On Fri, 14 Jun 2002, Manuel Lemos wrote: On 06/14/2002 03:06 AM, Miguel Cruz wrote: On Fri, 14 Jun 2002, Manuel Lemos wrote: The following classes use this validation regular expression string. It does not exclude some invalid addresses but includes all valid addresses. ^([-!#\$%'*+./0-9=?A-Z^_`a-z{|}~?])+@([-!#\$%'*+/0-9=?A-Z^_`a-z{|}~?]+\\.)+[a-zA-Z]{2,4}\$ It doesn't, as far as I can tell, allow this valid address: [EMAIL PROTECTED] I never heard of TLD with more than 4 characters. Is this recent? About a year old, I think. Not that it's being used a whole lot yet, admittedly. And what's with all the nonsense characters in the domain name portion? Only letters, numbers, hyphen, and period are allowed after the @ sign. I just followed the BNF of the RFC to figure which characters would eventually be valid. At least it does not exclude valid characters. The RFCs would also suggest that the final component of a domain could be longer than 4 characters. In fact, accommodating that has been a clear operational requirement for some time, as it's long been threatened that such domains would exist in the primary root, and for people who use the various splinternet alternate roots, it's been reality for years. miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Email validation
That one does not accept '+'. In fact, that was the 1st time I ever saw such a character in an e-mail address. I did not check the RFC, but if it is valid, just add the '+' char to the reg. exp. like this: function mailCheck($strEMailAddress) { return eregi(^[_a-z0-9+-]+(\.[_a-z0-9+-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$, $strEMailAddress); } This should now accept your mail address. Regards, Pedro Alberto Pontes - Original Message - From: Timothy J. Luoma [EMAIL PROTECTED] Newsgroups: php.general To: Pedro Pontes [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, June 14, 2002 04:49 Subject: Re: Email validation On Wed, 12 Jun 2002, Pedro Pontes wrote: function checkEmail($strEMailAddress) { return eregi(^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$, $strEMailAddress); } You have it now :). I'm still learning my PHP regex... does the above allow someone to have a literal + in their email address, ala [EMAIL PROTECTED] which is perfectly valid, but often rejected by email validators? TjL -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Email validation
On Wed, 12 Jun 2002, Pedro Pontes wrote: function checkEmail($strEMailAddress) { return eregi(^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$, $strEMailAddress); } You have it now :). I'm still learning my PHP regex... does the above allow someone to have a literal + in their email address, ala [EMAIL PROTECTED] which is perfectly valid, but often rejected by email validators? TjL -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Email validation
Hello, On 06/13/2002 11:49 PM, Timothy J. Luoma wrote: On Wed, 12 Jun 2002, Pedro Pontes wrote: function checkEmail($strEMailAddress) { return eregi(^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$, $strEMailAddress); } You have it now :). I'm still learning my PHP regex... does the above allow someone to have a literal + in their email address, ala [EMAIL PROTECTED] which is perfectly valid, but often rejected by email validators? The following classes use this validation regular expression string. It does not exclude some invalid addresses but includes all valid addresses. ^([-!#\$%'*+./0-9=?A-Z^_`a-z{|}~?])+@([-!#\$%'*+/0-9=?A-Z^_`a-z{|}~?]+\\.)+[a-zA-Z]{2,4}\$ Forms generation and validation http://www.phpclasses.org/formsgeneration E-mail address validation http://www.phpclasses.org/emailvalidation -- Regards, Manuel Lemos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Email validation
On Fri, 14 Jun 2002, Manuel Lemos wrote: The following classes use this validation regular expression string. It does not exclude some invalid addresses but includes all valid addresses. ^([-!#\$%'*+./0-9=?A-Z^_`a-z{|}~?])+@([-!#\$%'*+/0-9=?A-Z^_`a-z{|}~?]+\\.)+[a-zA-Z]{2,4}\$ It doesn't, as far as I can tell, allow this valid address: [EMAIL PROTECTED] And what's with all the nonsense characters in the domain name portion? Only letters, numbers, hyphen, and period are allowed after the @ sign. miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Email validation
function checkEmail($strEMailAddress) { return eregi(^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$, $strEMailAddress); } You have it now :). Regards, Pedro Alberto Pontes Jeroen Timmers [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Is there a simple function that validate an email adres Thx Jeroen Timmers -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Email validation
Hello, On 06/12/2002 01:56 PM, Jeroen Timmers wrote: Is there a simple function that validate an email adres You may want to try this e-mail validation class that provides different levels of e-mail validation. http://www.phpclasses.org/emailvalidation -- Regards, Manuel Lemos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php