PHP email address validation question

Question

I was wondering how can I just check if an @ sign has been included when an email address is entered into the input box? I'm using PHP.

Here is my php code.

if (isset($_POST['email']) && strlen($_POST['email']) <= 255)

Answer 1

You are welcome to use my free PHP function is_email() to validate addresses. It's available to download here. It doesn't use a regex because I can't find one that fully implements RFC 5321.

is_email() will ensure that an address is fully RFC 5321 compliant. It can optionally also check whether the domain actually exists and has an MX record.

You shouldn't rely on a validator to tell you whether a user's email address actually exists: some ISPs give out non-compliant addresses to their users, particularly in countries which don't use the Latin alphabet. More in my essay about email validation here: http://isemail.info/about.

Answer 2

This is what I use. Works perfectly.

public function valid_mail($mail)
{
if (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $mail))
{
return false;
} else {
return true;
}
}

Answer 3

This regex implements rfc2822:

[a-z0-9!#$%&'*+/=?^_{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_{|}~-]+)*@(?:a-z0-9?.)+a-z0-9?

However, in practice, I find this more apposite for the purpose of capturing an email address (or more specifically an ADDR-SPEC) via a web page:

^[a-z0-9._%+!$&*=^|~#%\'`?{}/-]+@[a-z0-9.-]+.[a-z]{2,6}$

Answer 4

This is how you do an email validation check with PHP:

function check_email($email) {

  // Remove trailing and leading spaces.
  $email = trim($email);

  // Must have an @ sign.
  $at = strpos($email, '@');
  if( $at === false )
    return 1; //false;
  list($mailbox, $hostname) = explode('@', $email);

  // Check that there is a mailbox and a hostname
  if( $mailbox == '' || $hostname == '' )
    return 2; //false;

  // Only one @ allowed
  if( strpos($hostname, '@') !== false )
    return 3; //false;

  // Must be a . in the hostname
  if( strpos($hostname, '.') === false )
    return 4; //false;

  // Can't have a double in either mailbox or hostname
  if( strpos($hostname, '..') !== false || strpos($mailbox, '..') !== false )
    return 5; //false;

  // Mailbox can't start or end with a .
  if( substr($mailbox, 0, 1) == '.' || substr($mailbox, strlen($mailbox)-1, 1) == '.' )
    return 6; //false;

  // Hostname can't start or end with a .
  if( substr($hostname, 0, 1) == '.' || substr($hostname, strlen($hostname)-1, 1) == '.' )
    return 7; //false;

  // Check that all characters are valid
  if( str_replace(' ' , '', strtr(strtolower($mailbox), 'abcdefghijklmnopqrstuvwxyz0123456789!#$%&\'*+-/=?^_`{|}~.', '                                                        ')) != '' )
    return 8; // false;
  if( str_replace(' ' , '', strtr(strtolower($hostname), 'abcdefghijklmnopqrstuvwxyz0123456789_-.', '                                       ')) != '' )
    return 9; //false;

return 0; //true;
}

Answer 5

Could just use a simple:

filter_var($email, FILTER_VALIDATE_EMAIL)

If you absolutely must use a Regex, than I would recommend (This is to signify that regex should NOT be used to validate email addresses):

"/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?
[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?
[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-
\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-
\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-
\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-
\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-
9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-
9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-
9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-
9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-
9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-
9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-
9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD"

Answer 6

Just a quote from the docs on strstr. "If you only want to determine if a particular needle occurs within haystack, use the faster and less memory intensive function strpos() instead."

Another thing on strpos I've noticed is that it's unsafe to just check for truth of strpos because if $needle is at 0'th position in $haystack, a simple check will fail. You must check it's type as well (at least I do). This will print "notfound found".

<?php

$str = 'foobar';

if (strpos($str, 'foo')) {
    echo 'found ';
} else {
    echo 'notfound ';
}

// proper...
if (strpos($str, 'foo') !== false) {
    echo 'found ';
} else {
    echo 'notfound ';
}

Answer 7

You might want to have this checked using a preg instead of a loose strpos($_POST['email'],"@"):

if (preg_match($_POST["email"],"/^((([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])+(\.([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])+)*)|((\x22)((((\x20|\x09)*(\x0d\x0a))?(\x20|\x09)+)?(([\x01-\x08\x0b\x0c\x0e-\x1f\x7f]|\x21|[\x23-\x5b]|[\x5d-\x7e]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(\\([\x01-\x09\x0b\x0c\x0d-\x7f]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]))))*(((\x20|\x09)*(\x0d\x0a))?(\x20|\x09)+)?(\x22)))@((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.?$/i")) {
// do stuff
}

Source

Answer 8

if(strstr($email,"@"))
{
// true
}

A better way to find if the email is fine is by using this regex

\b[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b 

in preg_match()