[SOLVED] which is the prefered method to validate email addresses, and why?

[ifubad]

using the function filter_var with the constant FILTER_VALIDATE_EMAIL seems much easier, but a lot of books talks about using regular expression instead. Any opinions would be appreciated?

[nrg_alpha]

The issue with using regex is that if you don't get it right, you risk locking out various valid emails.

 

If you choose to go the regex route, you can read about this issue here (which delves into a very thorough system - the links are all in that post [reply #3]).

 

But personally, I prefer a more 'relaxed / forgiving' method using filter_var, FILTER_SANITIZE_EMAIL and FILTER_VALIDATE_EMAIL. I would rather let more emails in and be less strict as opposed to being too tight-fisted with a regex solution (but that's just my opinion).

[ifubad]

Thank you very much for the explanation  makes sense

[haku]

This is the function Drupal uses to check email addresses:

 

function valid_email_address($mail) {
  $user = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+';
  $domain = '(??:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.?)+';
  $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}';
  $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}';

  return preg_match("/^$user@($domain|(\[($ipv4|$ipv6)\]))$/", $mail);
}

 

Tried and tested with hundreds of thousands of users.

[nrg_alpha]

In one of the links provided in my previous post, there is this one that shows valid / invalid emails tested against certain parsers (and which parsers consider which as such). Seems like there are plenty of various emails that are valid (which perhaps not many people [myself included] would think is valid).

 

When I pass that drupal regex pattern on it, there are apparently some valid emails (according to that top link) that are not valid by drupal:

 

$email = array('"first last"@example.com',
	'"first\"last"@example.com',
	'first.last@1xample.com',
	'first.last@123.example.com',
	'"first\last"@example.com',
	'first.last@x2345678901234567890123456789',
	'"first@last"@example.com'
	);

function valid_email_address($mail) {
  $user = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+';
  $domain = '(??:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.?)+';
  $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}';
  $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}';

  return preg_match("/^$user@($domain|(\[($ipv4|$ipv6)\]))$/", $mail);
}

foreach($email as $val){
    echo $val . ' - ' . valid_email_address($val) . "<br />\n";
}

Aside from drupal's pattern (which looks to be more complex than it needs to be.. ie, no use of modifiers to simplify characters listed within the pattern, characters in character classes that do not need to be escaped but are, etc..), drupal's seems to reject some apparently valid emails.

 

Granted, in all fairness, I suppose it depends on where you create an email account that would allow (or disallow) legal email characters (as my understanding is that the email provider can block out certain yet legal characters from an email account during registration)..

 

But I would wonder how effective that drupal pattern would be on emails overall. As stated by this wikipedia link with regards to email validation (towards the bottom of the page):

 

An email address is generally recognized as having two parts joined with an at-sign (@); this in itself is a basic form of validation. However, the technical specification detailed in RFC 822 and subsequent RFCs goes far beyond this, offering very complex and strict restrictions.

Trying to match these restrictions is a complex task, often resulting in long regular expressions.

 

Given the large solution provided by the iamcal link, (which seems to reflect a long regex solution to match such complex restrictions), it makes me wonder how many legal emails drupal drops in comparison. It might well work for your common jane and john doe emails I suppose...