30

For PHP what is the best email validation using preg, NOT ereg because it's deprecated/removed.

I don't need to check if the website exists (it's not like maximum security).

I've found many ways with ereg but they (obviously) aren't good practice.

Improve this question
0

3 Answers 3

Reset to default
80

I suggest you use the FILTER_VALIDATE_EMAIL filter:

if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    //valid
}

You can also use its regular expression directly:

"/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD"

But in that case, if a bug is found in the regular expression, you'll have to update your program instead of just updating PHP.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Keep in mind that an email can also contain these characters: ` ' / *`. So this validation doesn't make it DB safe.
filter_var() is new for me. Is FILTER_VALIDATE_EMAIL good?
+1 for source code reference. great
Link to source code is dead. Latest link is here. Regex is also changed.
3

Unless you want to use a very very long regular expressions you'll run into valid email addresses that are not covered (think Unicode). Also fake email addresses will pass as valid, so what is the point of validating if you can simply write [email protected] and get away with it?

The best way to validate email addresses is to send a confirmation email with a link to click. This will only work if the email address is valid: easy, and no need to use regex.

Improve this answer

8 Comments

simply as I said, it's not like maximum security
A reasonable Developer will alway check a given Adress for validity BEFORE attempting to send an email to the "string". So this is not an argument. But Doupble-opt-in should be done anyway - which was not the question.
@Jan.: So, what if my email is àèìòù@mydomain.com and your preemptive check prevents me to register to your site? Just send a confirmation email and you're set, no need to check for validity before and risking to block valid email addresses.
@nico: Your example is not valid according to RFC2821 and RFC2822. Both state clearly that only 7bit ASCII characters are allowed.. and not even any of those. I better drop such a wrong address than to allow a spammer to abuse by server via some magic header injections. Also, Wikipedia states the following regarding internationalization of the local part: "When EAI is standardized, users will likely have a localized address in a native language script or character set, as well as an ASCII form for communicating with legacy systems or for script-independent use"... Regards.
please read about header injections with email to understand what I'm talking about.
|
0 
function check_email($check) {
$expression = "/^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$/";
if (preg_match($expression, $check)) {
    return true;
} else {
    return false;
} 
}

Call it in if() condition as below example : 

if(!check_email($_REQUEST['ContactEmail'])){
  $register_error ="Enter the correct email address!<br />";
  $reg_error=1; 
}
Improve this answer

2 Comments

can anyone tell me what is the problem in this code bcz a person down the voting. It's working fine.
It wasn't me that down voted but.... that is not a correct to properly filter e-mail addresses, the correct and complete regex an be found here: ex-parrot.com/~pdw/Mail-RFC822-Address.html Secondly using the PHP built in FILTER_VALIDATE_EMAIL would be the correct/best way to filter an e-mail address

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.