Jump to content

Escaping the @ sign


Go to solution Solved by kicken,

Recommended Posts

I have a form that reads in an email address.  I get things like name@yaoo.com.  I would like to catch these common mistakes and correct them.  However, sometimes the thing I'm looking at is correctly typed on the left side of the @.  So if someone has a valid yaoo@yahoo.com I don't want to make this replacement.  So, I only want to look at what is on the right side of the @.  I have tried including the @ in my compare/replace but that doesn't seem to work at all.  Any ideas how I might do this? 

$action = "first";
if (isset ($_POST['action']))
  $action = $_POST['action'];

if ($action == 'first') {
  print "<form method='post' action='fixResource.php'>";
  print "<input type='text' name='emailIn' value='$emailIn'>\n";
  print "<input type='hidden' name='action' value='second'>\n";
  print "<input TYPE='SUBMIT' NAME='Agree' VALUE='Give this a try'>\n";
  }

if ($action == 'second') {
  $email = $_POST['emailIn'];
  $email = str_ireplace('@yaoo','@yahoo',$email,$change);
  if ($change > 0)
    print "Warning - email address has been changed.<br><br>";
  }
Edited by stevepatd
Link to comment
https://forums.phpfreaks.com/topic/306324-escaping-the-sign/
Share on other sites

  • Solution

You can use explode to separate the email into two parts and run your checks on the second part.

 

Whatever you do though, do not auto-correct the users email address. If you think they may have made a typo you can prompt them "Hey, did you mean <whatever>?" but always let them push their email through unchanged.

 

I've encountered a few places that thought my email address should have been @aol.com instead of what I entered. Had they automatically fixed it they would have ended up with an incorrect email and probably inadvertently locked me out of my account.

Link to comment
https://forums.phpfreaks.com/topic/306324-escaping-the-sign/#findComment-1555738
Share on other sites

The rule of thumb in designing forms -- or any interface for the matter -- is to NEVER trust the user.  Assume that your users are complete imbeciles.  Because they are imbeciles, they do not think in the same way that you do.  Just because someone put an extra period at the end of their top-level domain (TLD) doesn't mean it was an accident 100% of the time.  Perhaps the user forgot the other part of their TLD because there is more than just ".com".

 

There are at least 50 or more instances of ".com." in the list of all TLDs

 

This is just a handful of examples:

  • .com.ai
  • .com.cd
  • .com.ch
  • .com.cn
  • .com.ec
  • .com.ee
  • .com.eg
  • .com.es
  • .com.et
  • .com.fr

The best idea, in your situation, is to validate this as email format.  PHP even has a function for this already built-in to its core.

 

It's called filter_var() .  Using this function, all you have to do is pass it the optional flag to validate a string as a valid email address: FILTER_VALIDATE_EMAIL

 

So, your code would end up looking something like this:

$email = filter_var( $_POST{'email'], FILTER_VALIDATE_EMAiL);

Then, $email will either contain A.) The valid email address B.) a FALSE boolean value.  You then choose how you want your logic to utilize that information.

Link to comment
https://forums.phpfreaks.com/topic/306324-escaping-the-sign/#findComment-1555741
Share on other sites

I get things like name@yaoo.com.  I would like to catch these common mistakes and correct them.

yaoo.com is valid website. It happens to be owned by Yahoo as well, but that's not the point: the only way you can be sure an address is correct is to send them a confirmation email with a link to click or a code to enter on your site. Having them enter it twice on your registration or whatever form is another good idea.
  • Like 1
Link to comment
https://forums.phpfreaks.com/topic/306324-escaping-the-sign/#findComment-1555745
Share on other sites

yaoo.com is valid website. It happens to be owned by Yahoo as well, but that's not the point: the only way you can be sure an address is correct is to send them a confirmation email with a link to click or a code to enter on your site. Having them enter it twice on your registration or whatever form is another good idea.

Take it a step further have them type in their e-mail twice and don't activate their account until they've clicked the link in the confirmation e-mail. 

Link to comment
https://forums.phpfreaks.com/topic/306324-escaping-the-sign/#findComment-1555788
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.