tomhoad Posted May 22, 2009 Share Posted May 22, 2009 Hi there I am using this function to do a very simple email validation: function checkEmail($email) { if(eregi("^[a-zA-Z0-9_]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$]", $email)) { return FALSE; } } $email = mysql_real_escape_string($_POST['email']); if(checkEmail($email) == FALSE) { echo "<p class=\"thankyou\">E-mail entered is not valid</p>"; } else { $comp_name = "Great competition!"; $query = " INSERT INTO comps (email, comp_name) ". " VALUES ('$email','$comp_name')"; mysql_query($query) or die('Error ,query failed'); echo "<p class=\"thankyou\">Thanks for entering!</p>"; } However, it always returns FALSE, even if it's a valid email. I think it's the way I'm suign mysql real escape string with it. Can anyone point me in the right direction? Link to comment https://forums.phpfreaks.com/topic/159277-very-simple-email-validation-mysql_real_escape_string/ Share on other sites More sharing options...
joesaddigh Posted May 22, 2009 Share Posted May 22, 2009 Would it not be easier to use javascript. Im new to all of this but i have used some email validation in my script. The javascript code is as follows. <script type="text/javascript"> var msg = ''; function validate_form() { valid = true; if(checkEmail(document.enrolment.email.value) == false) { msg=msg+"Email address is not valid.\n"; valid = false; } if(msg=="" && valid ==true) { MM_popupMsg('Registration Complete!') register.submit(); } else { msg = "You have the following errors which must be corrected to enrol: \n" + msg; alert (msg); //Initialise variable msg = ''; } return valid; } //Display Message Registration complete function MM_popupMsg(msg) { alert(msg); } //Check that email address is a valid format function checkEmail(toCheck) { if (/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(toCheck)) { return (true) } return (false) } Hope this is of some help Link to comment https://forums.phpfreaks.com/topic/159277-very-simple-email-validation-mysql_real_escape_string/#findComment-840071 Share on other sites More sharing options...
tomhoad Posted May 22, 2009 Author Share Posted May 22, 2009 Hi thanks for the reply. I have zero knowledge of javascript, would prefer to edit what I already have half-working. Thanks anyway Link to comment https://forums.phpfreaks.com/topic/159277-very-simple-email-validation-mysql_real_escape_string/#findComment-840078 Share on other sites More sharing options...
gffg4574fghsDSGDGKJYM Posted May 22, 2009 Share Posted May 22, 2009 This should work : <?php $email = "[email protected]"; if (!eregi("^[a-z0-9\-\_\.\%\+]+@[a-z0-9\-\_]+\.[a-z]+$", $email)) { echo "Invalid Email! ".$email; } else { echo "Valid Email! ".$email; } ?> However it won't work for email address using IP address instead of a domain name. It may return some false positive and probably need to be better tested before use. Link to comment https://forums.phpfreaks.com/topic/159277-very-simple-email-validation-mysql_real_escape_string/#findComment-840137 Share on other sites More sharing options...
tomhoad Posted May 22, 2009 Author Share Posted May 22, 2009 The $email variable is coming from a form, hence the $POST. I need to use mysql_real_escape_string, as well as validating that variable. Link to comment https://forums.phpfreaks.com/topic/159277-very-simple-email-validation-mysql_real_escape_string/#findComment-840141 Share on other sites More sharing options...
gffg4574fghsDSGDGKJYM Posted May 22, 2009 Share Posted May 22, 2009 Take the example i gave you and put it in your code. And no regular expression aren't vulnerable to SQL injection so escape your string after you have tested it. Link to comment https://forums.phpfreaks.com/topic/159277-very-simple-email-validation-mysql_real_escape_string/#findComment-840152 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.