PHP email address validation question

Question

I was wondering how can I just check if an @ sign has been included when an email address is entered into the input box? I'm using PHP.

Here is my php code.

if (isset($_POST['email']) && strlen($_POST['email']) <= 255)

Just checking whether the @ sign is present or not is not the PROPER way of validating an email address :) Take a look @ how regular expressions work :) — Ranhiru Jude Cooray, Oct 01 '10 at 03:26
@Ranhiru Cooray regular expressions dont work for all emails :) — HELP, Oct 01 '10 at 03:28
Although it will be hard to create one regular expression to rule them all, I think it is quite possible to create something sturdy. Anyway IMHO, it is a zillion times better than just checking whether the symbol @ is present :) — Ranhiru Jude Cooray, Oct 01 '10 at 03:31
@Ranhiru Cooray to eachs there own I think my way is okay though:) — HELP, Oct 01 '10 at 03:36

score 6 · Answer 1 · answered Oct 01 '10 at 05:27

Could just use a simple:

filter_var($email, FILTER_VALIDATE_EMAIL)

If you absolutely must use a Regex, than I would recommend (This is to signify that regex should NOT be used to validate email addresses):

"/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?
[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?
[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-
\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-
\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-
\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-
\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-
9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-
9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-
9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-
9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-
9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-
9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-
9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD"

score 2 · Answer 2 · answered Oct 01 '10 at 03:21

2

if(strstr($email,"@"))
{
// true
}

A better way to find if the email is fine is by using this regex

\b[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b

in preg_match()

answered Oct 01 '10 at 03:21

arbithero

426
3
13

I just want to check if the @ is there. – HELP Oct 01 '10 at 03:23
4

That's a dreadful regex — it rejects emails on the `.museum` TLD and those with a `+` in them. – Quentin Oct 01 '10 at 05:19
It also doesn't match emails with lowercase letters. And something like this: `TEST@..........AA` is valid. – Michael Mior Oct 01 '10 at 14:40

score 1 · Answer 3 · answered Oct 01 '10 at 03:24

You might want to have this checked using a preg instead of a loose strpos($_POST['email'],"@"):

if (preg_match($_POST["email"],"/^((([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])+(\.([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])+)*)|((\x22)((((\x20|\x09)*(\x0d\x0a))?(\x20|\x09)+)?(([\x01-\x08\x0b\x0c\x0e-\x1f\x7f]|\x21|[\x23-\x5b]|[\x5d-\x7e]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(\\([\x01-\x09\x0b\x0c\x0d-\x7f]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]))))*(((\x20|\x09)*(\x0d\x0a))?(\x20|\x09)+)?(\x22)))@((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.?$/i")) {
// do stuff
}

Source

score 0 · Answer 4 · answered Oct 01 '10 at 03:54

Just a quote from the docs on strstr. "If you only want to determine if a particular needle occurs within haystack, use the faster and less memory intensive function strpos() instead."

Another thing on strpos I've noticed is that it's unsafe to just check for truth of strpos because if $needle is at 0'th position in $haystack, a simple check will fail. You must check it's type as well (at least I do). This will print "notfound found".

<?php

$str = 'foobar';

if (strpos($str, 'foo')) {
    echo 'found ';
} else {
    echo 'notfound ';
}

// proper...
if (strpos($str, 'foo') !== false) {
    echo 'found ';
} else {
    echo 'notfound ';
}

score 0 · Answer 5 · answered Oct 01 '10 at 11:34

This regex implements rfc2822:

[a-z0-9!#$%&'*+/=?^_{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_{|}~-]+)*@(?:a-z0-9?.)+a-z0-9?

However, in practice, I find this more apposite for the purpose of capturing an email address (or more specifically an ADDR-SPEC) via a web page:

^[a-z0-9._%+!$&*=^|~#%\'`?{}/-]+@[a-z0-9.-]+.[a-z]{2,6}$

score 0 · Answer 6 · answered Mar 15 '11 at 11:35

You are welcome to use my free PHP function is_email() to validate addresses. It's available to download here. It doesn't use a regex because I can't find one that fully implements RFC 5321.

is_email() will ensure that an address is fully RFC 5321 compliant. It can optionally also check whether the domain actually exists and has an MX record.

You shouldn't rely on a validator to tell you whether a user's email address actually exists: some ISPs give out non-compliant addresses to their users, particularly in countries which don't use the Latin alphabet. More in my essay about email validation here: http://isemail.info/about.

score -1 · Answer 7 · answered Oct 01 '10 at 05:41

This is how you do an email validation check with PHP:

function check_email($email) {

  // Remove trailing and leading spaces.
  $email = trim($email);

  // Must have an @ sign.
  $at = strpos($email, '@');
  if( $at === false )
    return 1; //false;
  list($mailbox, $hostname) = explode('@', $email);

  // Check that there is a mailbox and a hostname
  if( $mailbox == '' || $hostname == '' )
    return 2; //false;

  // Only one @ allowed
  if( strpos($hostname, '@') !== false )
    return 3; //false;

  // Must be a . in the hostname
  if( strpos($hostname, '.') === false )
    return 4; //false;

  // Can't have a double in either mailbox or hostname
  if( strpos($hostname, '..') !== false || strpos($mailbox, '..') !== false )
    return 5; //false;

  // Mailbox can't start or end with a .
  if( substr($mailbox, 0, 1) == '.' || substr($mailbox, strlen($mailbox)-1, 1) == '.' )
    return 6; //false;

  // Hostname can't start or end with a .
  if( substr($hostname, 0, 1) == '.' || substr($hostname, strlen($hostname)-1, 1) == '.' )
    return 7; //false;

  // Check that all characters are valid
  if( str_replace(' ' , '', strtr(strtolower($mailbox), 'abcdefghijklmnopqrstuvwxyz0123456789!#$%&\'*+-/=?^_`{|}~.', '                                                        ')) != '' )
    return 8; // false;
  if( str_replace(' ' , '', strtr(strtolower($hostname), 'abcdefghijklmnopqrstuvwxyz0123456789_-.', '                                       ')) != '' )
    return 9; //false;

return 0; //true;
}

flaab · Answer 8 · 2010-10-01T11:39:01.690

-2

This is what I use. Works perfectly.

public function valid_mail($mail)
{
if (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $mail))
{
return false;
} else {
return true;
}
}

edited Oct 01 '10 at 11:39

answered Oct 01 '10 at 07:48

flaab

543
9
19

Even after unscrambling your post, there's a huge list of things wrong with this pattern. – symcbean Oct 01 '10 at 11:36

PHP email address validation question

8 Answers8