Only allow email addresses to be submitted

[dachshund]

Hi there,

 

I have a newsletter sign up form which just puts the data (id and email) into a mysql table.

 

To stop people hacking the site, is there a way to make sure the only thing being submitted in the input is an email address?

 

Here's my current form and submit php:

 

<?php

$mailer = $_GET['mailer'];

if ($mailer == 'added')	{

$email=$_POST['email'];

if($email == '')	{
echo '<div class="daily_not_submitted"><span style="padding-right:6px;"><img src="https://store.huhmagazine.co.uk/images/cross.jpg"></span>Please fill in all the fields.</div>';
}else	{

$sql="INSERT INTO `dailymailer` (`email`) VALUES ('$email');";
$result=mysql_query($sql) or die(mysql_error());

if($result){
echo "<div class='daily_submitted'><span style='padding-right:6px;'><img src='http://www.huhmagazine.co.uk/images/uploaded/checkboxtick.jpg'></span>Thank you.</div>";
}
else {
echo "Error\n";
}
}
}
?>

<div id="sidebarnewsletter">
	<form name="mailinglist" method="post" action="?mailer=added">
		<input type="text" name="email" class="sidebarnewsletter" placeholder="Enter Your Email Address" />
		<input type="submit" class="sidebarnewsletter_button" value="Sign Up">
	</form>
	<div class="clear"></div>
</div>

[Anon-e-mouse]

Hello,

 

You could always start with checking to see whether they have included the "@" character in the post via..

 

<?php

    // If they dont have the "@" character..
    if(!strstr($_POST['userEmail'], '@')){

        // Do something.

    }

?>

 

[Nodral]

There's load of great articles and tutorials about form validation out there.

 

Try Googling it!!!

[ricmetal]

like nodral pointed out google for email validating functions in php

htl5 has a reserved input which accepts valid email only, but i'm not sure if it works well, not to mention the user must use a html5 ready browser.