Some little PHP questions

Question

I'm getting a lot of critics on my scripting, With my register i'm using:

(empty($_POST['email'])) 

There are some guys who say that that isn't good, any better alternatives?

Also i'm using preg_march for my email valitdation:

if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['email'])) { 

There is one guy who says i need to use Filter_validate and there is a guy who is telling me to use strlen any answers?

And at last: I'm sending an activation email by using:

mail($Email, 'Activeer je account!', $message, 'Van: NoReply@RubyCMS.com');

Is there something wrong with this? People keep saying i need to use the phpmailer class but i don't even know what that is...

Thanks

Answer 1

filter_var() is about as good as you can get without going so far as to send an email to the address with a confirmation link enclosed. You can do things like DNS and MX record checks but they can add a lot of overhead and can also give you false positives.

if(!filter_var($email, FILTER_VALIDATE_EMAIL)){ 
    // bad email
}

Answer 2

I would say that you should use all possible language benefits that it can give you.

if(filter_var($email, FILTER_VALIDATE_EMAIL)){

is good.

When you are using preg_match you should know regexp good. If you are not good in them, it's always possible to make a failure.

About mail it depends on how much emails you should send. If one email per hour, it's not a problem. If a lot of letter at cycle - better find other solution.

Answer 3

1. Use if( isset($_POST['field']) && !empty($_POST['field']) ) to avoid pesky 'Undefined index' problems/messages.
2. The 'one regex to rule them all' for fully RFC-compliant email validation is dozens of lines long, yours is not. Therefore, your regex is not fully RFC-compliant. FILTER_VALIDATE_EMAIL is fully RFC-compliant.

And whoever told you to use strlen() to validate an email address needs his internet privileges revoked.