Jump to content

Recommended Posts

Hi,

 

Not sure why I have added if (ereg('^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$', user still can add a bunch of invalid texts which still be able to added into database?

 

Here are the scripts:

<?php
//set up  a couple of functions
function doDB(){
	global $conn;
	//connect to server and select database; you may need it
	$conn = mysql_connect('localhost','root','root') or die (mysql_error());
	mysql_select_db('photos') or die (mysql_error());
}

function emailChecker($email){
	global $conn, $check_result;
	//check that email is not already in list
	$check = "select id from subscribers where email = '$email'";
	$check_result = mysql_query($check, $conn) or die(mysql_error());
}

function valid_email($email)
{
  // check an email address is possibly valid
  if (ereg('^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$', $email))
    return true;
  else 
    return false;
}

//determine if they need to see the form or not
if($_POST[op] !="ds"){
	//they do, so create form block
	$display_block = "
		<form method=POST action=\"$_SERVER[php_SELF]\" class='rmessage'>
		<p><b>Your email address:</b><br>
		<input type=text name=\"email\" size=40 maxlength=150>
		<p><b>Action:</><br>
		<input type=radio name=\"action\" value=\"sub\" checked>Subscribe
		<input type=radio name=\"action\" value=\"unsub\">Unsubscribe
		<input type=\"hidden\" name=\"op\" value=\"ds\">
		<p><input type=submit name=\"submit\" value=\"Submit Form\"></p>
		</form>";
}else if(($_POST[op] == "ds") && ($_POST[action] == "sub")){
	//trying to subscribe; validate email address
	if($_POST[email] == ""){
		header("Location: manage.php");
		exit;
	}
	//connect to database
	doDB();
	//check that email is in list
	emailChecker($_POST[email]);

	//get number of results and do action
	if(mysql_num_rows($check_result) < 1){
		//add record
		$sql = "insert into subscribers values('','$_POST[email]')";
		$result = mysql_query($sql) or die (mysql_error());
		$display_block = "<div style='background-color:#FFFFCC; width:50%; margin-left:auto; margin-right:auto; font-family:Arial, Helvetica, sans-serif; font-size:12px; padding-top:20px; padding-left:10px; padding-right:10px;padding-bottom:10px; border:solid 1px #000;'>Thanks for signing up!<br><br><a href='manage.php'>Subscribe it</a><br><a href='/index.php'>Go back HOME</a></div>";
	}else {
		//print failure message
		$display_block = "<div style='background-color:#FFFFCC; width:50%; margin-left:auto; margin-right:auto; font-family:Arial, Helvetica, sans-serif; font-size:12px; padding-top:20px; padding-left:10px; padding-right:10px; padding-bottom:10px; border:solid 1px #000;'>You're already subscribed!<br><br><a href='manage.php'>Subscribe it</a><br><a href='/index.php'>Go back HOME</a></div>";
	}
}else if(($_POST[op] == "ds") && ($_POST[action] == "unsub")){
	//trying to unsubscribe; variable email address
	if($_POST[email] == ""){
		header("Location: manage.php");
		exit;
	}
	//connect to database
	doDB();
	//check that  email is in list
	emailChecker($_POST[email]);

	//get number of results and do action
	if(mysql_num_rows($check_result) < 1){
		//print failure message
		$display_block = "
		<div style='background-color:#FFFFCC; width:50%; margin-left:auto; margin-right:auto; font-family:Arial, Helvetica, sans-serif; font-size:12px; border:solid 1px #000; padding-top:20px; padding-left:10px; padding-right:10px;padding-bottom:10px;'>Couldn't find your address!<br>No action was taken.<br><br><a href='manage.php'>Subscribe it</a><br><a href='/index.php'>Go back HOME</a></div>";
	}else{
		//unsubscribe the address
		$id = mysql_result($check_result, 0, "id");
		$sql = "delete from subscribers where id ='$id'";
		$result = mysql_query($sql) or die(mysql_error());
		$display_block = "<div style='background-color:#FFFFCC; width:50%; margin-left:auto; margin-right:auto; font-family:Arial, Helvetica, sans-serif; font-size:12px; border:solid 1px #000; padding-top:20px; padding-left:10px; padding-right:10px;padding-bottom:10px;'>You're unsubscribed!<br><br><a href='manage.php'>Subscribe it</a><br><a href='/index.php'>Go back HOME</a></div>";
	}
}
?>

<html>
<head>
    <title>Subscribe/Unsubscribe</title>
    <style>
	h1{font-family:Arial, Helvetica, sans-serif; font-size:16px; background-color:#FF9900; height:40px; padding:10px 0 0 10px;}
	body {background-color: #666666;}
	.top{height:60px; background-color:#FFCC33; width:50%; margin-left:auto; margin-right:auto; padding:10px; border-top:solid 1px #000;border-left:solid 1px #000;border-right:solid 1px #000;}
	.rmessage{background-color:#FFFFCC; width:50%; margin-left:auto; margin-right:auto; font-family:Arial, Helvetica, sans-serif; font-size:12px; padding:10px; border:solid 1px #000;}
</style>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"></head>
    <body>
    	<div class="top"><h1>Subscribe/Unsubscribe</h1><div style="font-family:Arial, Helvetica, sans-serif; font-size:10px; color:#666666; padding-top:5px;">We'll send you our News Letter frequently</div></div>
        <?php echo "$display_block"; ?>
    </body>
</html>

Link to comment
https://forums.phpfreaks.com/topic/72690-problem-of-valiadation-of-email/
Share on other sites

Use this I think it works better...

 

<?php
function valid_email($email) {
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
        return false;
    }
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
            if (!ereg("^(([A-Za-z0-9!#$%&#038;'*+/=?^_`{|}~-][A-Za-z0-9!#$%&#038;'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
                return false;
    }
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) {
    $domain_array = explode(".", $email_array[1]);
    if (sizeof($domain_array) < 2) {
	return false;
    }
    for ($i = 0; $i < sizeof($domain_array); $i++) {
	if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
	    return false;
	}
    }
}
return true;
}
?>

sorry Aureole, but i have to disagree..

 

Simple check i use, you could check the domain exists but i hardly see the point!

i use member email activation!!

 

if (eregi('^[A-Z0-9._%+-]+@([A-Z0-9-]+\.)+[A-Z]{2,4}$', $email))
{
# valid email
} else {
# invalid email
}

IF the one you posted is surposed to be a RFC 2822 Standard you could use

if(eregi("(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(??:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(??:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])",$email)) {
//email found
} else {
# email failed
}

 

but this is NOT recommended! to use it,

will it valid the email yes..

 

personally i think your just using up more processing power then needed and have more areas of problems.. the one i use is simple and, true is doesn't check for max 64 chars etc... but if someone was going to fake an email mail.. it would probably be formatted correcltly (on atleast their 3rd attempt)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.