How to allow only one email address and check for the @ sign to validate the email address?

Question

I was wondering how do I allow only one email address? Also how can I only check for the @ sign in the email address to validate the email?

Here is my PHP code.

if (isset($_GET['email']) && strlen($_GET['email']) <= 255) {
    $email = mysqli_real_escape_string($mysqli, strip_tags($_GET['email']));
} else if($_GET['email'] && strlen($_GET['email']) >= 256) {
    echo '<p>Your email cannot exceed 255 characters!</p>';
}

Answer 1

PHP has filter_var which can be used like this:

if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    if (strpos($email, "@") === true) {
        // VALID
    }
}

This is a simple way to check if common address are valid (and will not allow obvious fakes) however, this doesn't make sure your email address is valid according to the RFC 822, RFC 2822, or RFC 3696.

I would also like to point this out. That will validate an email address according to the proper RFCs.

Answer 2

try using regex expression for it... you can find patterns in google

on eg:

if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){ 
echo "<center>Invalid email</center>"; 
}else{
echo "<center>Valid Email</center>";} 
}

Edited for preg_match:

if (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){ 
echo "<center>Invalid email</center>"; 
}else{
echo "<center>Valid Email</center>";
} 

Answer 3

how do I allow only one email address?

Run SELECT query to see if there is such an email already.

how can I only check for the @ sign in the email

strpos would be enough.
Though it would be a good idea to confirm email address by sending a letter to that address, you know.

Also you have a few things to correct in your code.

your else if statement is not necessary, there should be just else

and mysqli_real_escape_string shouldn't be in the validation section. It is database related function, not validation one.

And if it's registration form, it should use POST method

so, smth like this

$err = array();
if (empty($_POST['email']) $err['email'] = "email cannot be empty";
if (strlen($_POST['email']) >= 256) $err['email'] = "email is too long";
if (!strpos("@",$_POST['email'])) $err['email'] = "malformed email";

$query = "SELECT 1 FROM members WHERE email ='".
          mysqli_real_escape_string($mysqli, $_POST['email'])."'";
$res   = mysqli_query($mysqli, $query) or trigger_error(mysqli_error($mysqli).$query);
if (mysqli_num_rows($res)) $err['email']="email already present";

//other validations as well

if (!$err) {
  //escape all the data.
  //run your insert query.
  header("Location: ".$_SERVER['REQUEST_URI']);
  exit;
} else {
  foreach($_POST as $key => $value) {
    $_FORM[$key]=htmlspecialchars($value,ENT_QUOTES);
  }  
  include 'form.php';
}

Answer 4

If this is a form, you can use input type="email" in your form. It is part of HTML5, so it isn't implemented in all browsers yet.

This won't serve the full purpose, but it will prevent a single page load for obvious mistakes (forgetting @ or .com) to help a little. Browsers which implement it prevent you from submitting the form if it's invalid; also, Apple devices will utilize a special keyboard for that entry with "@" and ".com" present.

(Just an extra piece of info, since I don't know your whole situation.)

Answer 5

Don't.

Use a completely RFC-compliant validator instead, followed up with an actual mail to the address. Truly, sending a mail to the address is the only real way to make sure it's a legitimate email address.