validate input

[2wasted]

lo all,
i have a simple form that posts fine 2 a mysql, but i want to check that there is something in the email textbox. So i did this...
//validate email
$var = $_POST['email'];
$len = strlen($var);
if($len >0)
{
$query = "INSERT INTO onlineform VALUES ('','$name','$Cname','$email','$Query')";
mysql_query($query);

mysql_close();
}
else
{
echo "Error:Please fill in your email address";
}
?>
its does not work:-(
thx for any help
Charlie

[thepip3r]

just change your error checking to

[code]if (!$_POST['email']) {
  echo "error, no email addy";
  exit;
}[/code]

u need to also do a much more thorough check on an email address using preg_match() or something like that.

[2wasted]

do i just put in ur bit of code instead of the stuff i done??
i tryed that and the error was on the page on load..
cheers
Charlie

[Ninjakreborn]

[code]<?php
//validate email
// setup errorhandler
$errorhandler = "";
// setup email check
$regexemail =
"^[A-Za-z0-9\._-]+@([A-Za-z0-9][A-Za-z0-9-]{1,62})(\.[A-Za-z][A-Za-z0-9-]{1,62})+$";
// validation on email
if ($_POST['email'] == "") {
$errorhandler .= "Email was left blank";
}
if (!ereg("$regexemail", $email)) {
$errorhandler .= "The email address is improperly formatted<br />";
}
if(!(getmxrr(substr(strstr($email, '@'), 1), $temp)) || checkdnsrr(gethostbyname(substr(strstr($email, '@'), 1)), "ANY")) {
$errorhandler .= "The Domain name for the email address does not exist<br />";
}
if ($errorhandler != "") {
echo "<span style=\"color:red;\">";
echo $errorhandler;
echo "</span>";
}
if ($errorhandler == "") {
$var = mysql_real_escape_string($_POST['email']);
$len = strlen($var);
if ($len >0) {
$query = "INSERT INTO onlineform VALUES ('','$name','$Cname','$email','$Query')";
mysql_query($query);

mysql_close();
  }
}
?>[/code]
That will checl
1. if the email is blank
2. if it's formatted correctly
3. if it's dns(domain name), is real or not(not 100% accurate, but effective nonetheless));

[2wasted]

thx alot m8
Charlie