Escaping the @ sign

[stevepatd]

I have a form that reads in an email address.  I get things like name@yaoo.com.  I would like to catch these common mistakes and correct them.  However, sometimes the thing I'm looking at is correctly typed on the left side of the @.  So if someone has a valid yaoo@yahoo.com I don't want to make this replacement.  So, I only want to look at what is on the right side of the @.  I have tried including the @ in my compare/replace but that doesn't seem to work at all.  Any ideas how I might do this? 

$action = "first";
if (isset ($_POST['action']))
  $action = $_POST['action'];

if ($action == 'first') {
  print "<form method='post' action='fixResource.php'>";
  print "<input type='text' name='emailIn' value='$emailIn'>\n";
  print "<input type='hidden' name='action' value='second'>\n";
  print "<input TYPE='SUBMIT' NAME='Agree' VALUE='Give this a try'>\n";
  }

if ($action == 'second') {
  $email = $_POST['emailIn'];
  $email = str_ireplace('@yaoo','@yahoo',$email,$change);
  if ($change > 0)
    print "Warning - email address has been changed.<br><br>";
  }

Edited January 25, 2018 by stevepatd

[kicken]

You can use explode to separate the email into two parts and run your checks on the second part.

 

Whatever you do though, do not auto-correct the users email address. If you think they may have made a typo you can prompt them "Hey, did you mean <whatever>?" but always let them push their email through unchanged.

 

I've encountered a few places that thought my email address should have been @aol.com instead of what I entered. Had they automatically fixed it they would have ended up with an incorrect email and probably inadvertently locked me out of my account.

[Zane]

The rule of thumb in designing forms -- or any interface for the matter -- is to NEVER trust the user.  Assume that your users are complete imbeciles.  Because they are imbeciles, they do not think in the same way that you do.  Just because someone put an extra period at the end of their top-level domain (TLD) doesn't mean it was an accident 100% of the time.  Perhaps the user forgot the other part of their TLD because there is more than just ".com".

 

There are at least 50 or more instances of ".com." in the list of all TLDs

 

This is just a handful of examples:

• .com.ai
• .com.cd
• .com.ch
• .com.cn
• .com.ec
• .com.ee
• .com.eg
• .com.es
• .com.et
• .com.fr

The best idea, in your situation, is to validate this as email format.  PHP even has a function for this already built-in to its core.

 

It's called filter_var() .  Using this function, all you have to do is pass it the optional flag to validate a string as a valid email address: FILTER_VALIDATE_EMAIL

 

So, your code would end up looking something like this:

$email = filter_var( $_POST{'email'], FILTER_VALIDATE_EMAiL);

Then, $email will either contain A.) The valid email address B.) a FALSE boolean value.  You then choose how you want your logic to utilize that information.

[requinix]

I get things like name@yaoo.com.  I would like to catch these common mistakes and correct them.

yaoo.com is valid website. It happens to be owned by Yahoo as well, but that's not the point: the only way you can be sure an address is correct is to send them a confirmation email with a link to click or a code to enter on your site. Having them enter it twice on your registration or whatever form is another good idea.

[Sepodati]

The rule of thumb in designing forms -- or any interface for the matter -- is to NEVER trust the user.  Assume that your users are complete imbeciles.

Never trust the data you are given, the user is irrelevant.

[taquitosensei]

yaoo.com is valid website. It happens to be owned by Yahoo as well, but that's not the point: the only way you can be sure an address is correct is to send them a confirmation email with a link to click or a code to enter on your site. Having them enter it twice on your registration or whatever form is another good idea.

Take it a step further have them type in their e-mail twice and don't activate their account until they've clicked the link in the confirmation e-mail.