tomhoad Posted May 22, 2009 Share Posted May 22, 2009 Hi there I am using this function to do a very simple email validation: function checkEmail($email) { if(eregi("^[a-zA-Z0-9_]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$]", $email)) { return FALSE; } } $email = mysql_real_escape_string($_POST['email']); if(checkEmail($email) == FALSE) { echo "<p class=\"thankyou\">E-mail entered is not valid</p>"; } else { $comp_name = "Great competition!"; $query = " INSERT INTO comps (email, comp_name) ". " VALUES ('$email','$comp_name')"; mysql_query($query) or die('Error ,query failed'); echo "<p class=\"thankyou\">Thanks for entering!</p>"; } However, it always returns FALSE, even if it's a valid email. I think it's the way I'm suign mysql real escape string with it. Can anyone point me in the right direction? Quote Link to comment Share on other sites More sharing options...
joesaddigh Posted May 22, 2009 Share Posted May 22, 2009 Would it not be easier to use javascript. Im new to all of this but i have used some email validation in my script. The javascript code is as follows. <script type="text/javascript"> var msg = ''; function validate_form() { valid = true; if(checkEmail(document.enrolment.email.value) == false) { msg=msg+"Email address is not valid.\n"; valid = false; } if(msg=="" && valid ==true) { MM_popupMsg('Registration Complete!') register.submit(); } else { msg = "You have the following errors which must be corrected to enrol: \n" + msg; alert (msg); //Initialise variable msg = ''; } return valid; } //Display Message Registration complete function MM_popupMsg(msg) { alert(msg); } //Check that email address is a valid format function checkEmail(toCheck) { if (/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(toCheck)) { return (true) } return (false) } Hope this is of some help Quote Link to comment Share on other sites More sharing options...
tomhoad Posted May 22, 2009 Author Share Posted May 22, 2009 Hi thanks for the reply. I have zero knowledge of javascript, would prefer to edit what I already have half-working. Thanks anyway Quote Link to comment Share on other sites More sharing options...
gffg4574fghsDSGDGKJYM Posted May 22, 2009 Share Posted May 22, 2009 This should work : <?php $email = "tes.t@hotmail.Com"; if (!eregi("^[a-z0-9\-\_\.\%\+]+@[a-z0-9\-\_]+\.[a-z]+$", $email)) { echo "Invalid Email! ".$email; } else { echo "Valid Email! ".$email; } ?> However it won't work for email address using IP address instead of a domain name. It may return some false positive and probably need to be better tested before use. Quote Link to comment Share on other sites More sharing options...
tomhoad Posted May 22, 2009 Author Share Posted May 22, 2009 The $email variable is coming from a form, hence the $POST. I need to use mysql_real_escape_string, as well as validating that variable. Quote Link to comment Share on other sites More sharing options...
gffg4574fghsDSGDGKJYM Posted May 22, 2009 Share Posted May 22, 2009 Take the example i gave you and put it in your code. And no regular expression aren't vulnerable to SQL injection so escape your string after you have tested it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.