Email Validations, the Right Way Blogpost Cover

Email Validations, the Right Way

Recently, I’ve been to quite a few website that require my email, either for launch notifications or for registration. Now, most of you might know that GMail allows you to add the + sign in your emails and it will still reach your email for sorting purposes.

E.g. I may use salmon+posterous[at]aprilism.com for emails from posterous, and maybe +junk for one-off things like bypassing downloads etc.

So, naturally, I used these + tags for junks etc. I was filling up the informations on the page like a ninja, tabbing and typing everywhere, it is until I click the submit button, that I was re-directed back to the form.

So I thought to myself, ah, I must’ve typed the passwords too fast so they don’t match. As I scroll down, I see the password’s perfectly fine. But the email field was lighted up bright red.

What?

Apparently, the site’s regex for email validation don’t allow any other signs except the @ sign.

Whoa, whoa, whoa, slow down there. What?! No + signs? Well, I didn’t bother to try using the . symbol in my email though. So, I sighed and closed the tab.

So now, you may ask, what is the right way to doing it? I’m glad you asked.

Well, you might know that recently, my creative studio got shafted by our webhost and we lost all data on it. So we got to re-script our home page, and that meant recoding our landing page. And I thought it’s a good time to do a more interesting front page considering how I’m already 70% done with the new site, so I implemented a mailing list to the front page, allowing visitors to add their email to the mailing list.

I saw a problem, how am I going to do a valid email validation?

Now, there’re several methods to do it. You could write a messy regex and make sure or alternatively you could also use PHP built in functions, it’s really up to you but I’ll be introducing both today.

The Regex Method

<?php

//Regex check for email format
if(!preg_match("/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*+[a-z]{2}/is", $email)){
    echo 'Oops, please enter a valid email';
}
else{
    $sql = "INSERT INTO email VALUES (NULL, '$email', '$time');";

    if(mysql_query($sql)){
        echo 'Thank you, you have been added to our mailing list';
    }
    else{
        echo 'Error adding email to database';
    }
}

?>  

The regex allows emails with most common symbols in emails. Simple right, yeah, except we all hate Regex.

The PHP Built-In Method

Now, my preferred method:

<?php

//Check if email is of correct syntax
if(filter_var($email, FILTER_VALIDATE_EMAIL) === false){
    echo 'Oops, please enter a valid email';
}
else{
    $domain = explode("@", $email, 2);
    if(checkdnsrr($domain[1])){
        $sql = "INSERT INTO email VALUES (NULL, '$email', '$time');";
        if(mysql_query($sql)){
            echo 'Thank you, you have been added to our mailing list';
        }
        else{
            echo 'Error adding email to database';
        }
    }
    else{
        echo 'Domain is invalid.';
    }
}

?>  

So here, we use the filter_var function to check if the email is valid, and then use check if the DNS of the domain is valid using checkdnsrr, if all goes well, we’ll insert it into the database.

So there you have it!

Pick whichever floats your boat, but clearly, using the PHP method has 3 advantage:

  1. You can weed out invalid domain names.
  2. You don’t have to mess with Regex.
  3. See reason #2 again.

I think the fact that there’s no regex involved is already a winner by itself, don’t you think?

Leave a comment:

Top