Is validating an email address necessary?

  1. #1
    Junior Member
    Join Date
    Oct 2012
    Posts
    15

    Is validating an email address necessary?

    If I'm using
    Code:
    <input type="email">
    in html, is filter validate still needed?

  2. #2
    Settled 4 red convertible dalecosp's Avatar
    Join Date
    Jul 2002
    Location
    Accelerating Windows at 9.81 m/s....
    Posts
    7,618
    That's a fairly open-ended question. Are you putting the user-supplied "address" in the DB? If so, sanitize it.

    Are you trying to make sure that the user is a legitimate contact? Decide how far you want to go with checking. The extreme case would be something like sending an email to that address and requiring a click ... something similar to the registration process for a half-billion web sites.

    Are you going to ignore the input? No validation necessary.
    /!!\ mysql_ is deprecated --- don't use it! Tell your hosting company you will switch if they don't upgrade! /!!!\ ereg() is deprecated --- don't use it!

    dalecosp "God doesn't play dice." --- Einstein "Perl is hardly a paragon of beautiful syntax." --- Weedpacket

    Getting Help at All --- Collected Solutions to Common Problems --- Debugging 101 --- Unanswered Posts --- OMBE: Office Machines, Business Equipment

  3. #3
    Junior Member
    Join Date
    Oct 2012
    Posts
    15
    Well, it's going to be used to email the form somewhere? not stored.

  4. #4
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,348
    Never rely on any client-side validation - always duplicate it on the server-side as well.

  5. #5
    Senior Member
    Join Date
    Jul 2007
    Posts
    3,619
    There's no guarantee posted data will even be sent using your form. A user can send that any way they see fit, assuming they have the skills to make an HTTP POST or GET request, which isn't complicated at all.
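
The server-side check the replies above call for, as an added example that is not part of any poster's message. It uses PHP's `filter_var()` with `FILTER_VALIDATE_EMAIL`; the function name `validated_email`, the field name `email` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: validate the address on the server, whatever the browser did.
// Function name, field name and sample inputs are assumptions (constructed).

/**
 * Returns the validated address, or null if the submitted value is rejected.
 */
function validated_email(array $post, string $field = 'email'): ?string
{
    $raw = $post[$field] ?? null;

    // A hand-built request can omit the field or send an array (email[]=x).
    if (!is_string($raw)) {
        return null;
    }

    $raw = trim($raw);

    // Control characters, line breaks included, never belong in an address.
    // Rejecting them explicitly matters when the value is later placed in
    // a mail header such as Reply-To.
    if ($raw === '' || preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }

    // filter_var() returns the string on success and false on failure.
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);

    return $email === false ? null : $email;
}

// Constructed requests: only the first could come from an unmodified
// <input type="email"> field; the rest need a request built by hand.
$samples = [
    ['email' => 'user@example.com'],
    ['email' => 'not-an-address'],
    ['email' => "user@example.com\r\nBcc: other@example.net"],
    ['email' => ['user@example.com']],
    [],
];

foreach ($samples as $post) {
    $result = validated_email($post);
    echo json_encode($post), ' => ',
        $result === null ? 'rejected' : "accepted ($result)", PHP_EOL;
}
```

A syntactically valid address can still belong to someone else or not exist at all; this check only covers the format.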

  6. #6
    Senior Member
    Join Date
    Feb 2003
    Location
    Iowa, USA
    Posts
    132
    Personally, I always start out by making all my input fields type="text", then I validate and sanitize it with PHP, then I'll do the same with jQuery/Javascript, then finally I will change the input type to the correct version and tag a required tag on it (if it is required of course).

    Is it really necessary? Probably not, but I would rather over validate user input than under validate it. Users are tricky, and some of them are still surfing on way old browsers that don't recognize the input type="email" fields.

  7. #7
    Settled 4 red convertible dalecosp's Avatar
    Join Date
    Jul 2002
    Location
    Accelerating Windows at 9.81 m/s....
    Posts
    7,618
    Quote Originally Posted by fire_cracker
    I validate and sanitize it with PHP, then I'll do the same with jQuery/Javascript
    Did I hear that right? JS first, then PHP ... or am I missing something fundamental about the way browsers and servers communicate?

  8. #8
    Senior Member Derokorian's Avatar
    Join Date
    Apr 2011
    Location
    Denver
    Posts
    1,740
    I believe he means he adds validation to php, and then when that's functional goes and adds it to javascript.
    Sadly, nobody codes for anyone on this forum. People taste your dishes and tell you what is missing, but they don't cook for you. ~anoopmail
    I'd rather be a comma, then a full stop.
    User Authentication in PHP with MySQLi - Don't forget to mark threads resolved - MySQL(i) warning

  9. #9
    Senior Member
    Join Date
    Feb 2003
    Location
    Iowa, USA
    Posts
    132
    yeah, I build the PHP validation first, because if I am doing it in JS first, then it wouldn't likely hit the PHP validation layer, until I get a user who has JavaScript disabled, and they would be the ones who screw up my world lol.

  10. #10
    Senior Member
    Join Date
    Mar 2009
    Location
    Canada
    Posts
    794
    Quote Originally Posted by fire_cracker
    yeah, I build the PHP validation first, because if I am doing it in JS first, then it wouldn't likely hit the PHP validation layer, until I get a user who has JavaScript disabled, and they would be the ones who screw up my world lol.
    You can always disable JavaScript in your browser to test it.
    Prison of Mirrors
    Declare variables, not war.

  11. #11
    Settled 4 red convertible dalecosp's Avatar
    Join Date
    Jul 2002
    Location
    Accelerating Windows at 9.81 m/s....
    Posts
    7,618
    Quote Originally Posted by Derokorian
    I believe he means he adds validation to php, and then when that's functional goes and adds it to javascript.
    Ah, indeed. One of the reasons that, most days, I like PHP better than English

    As it turns out, I do it in the same order; I don't know why I was thinking like a computer instead of like a programmer. Or, perhaps, I do.

  12. #12
    High Energy Magic Dept. NogDog's Avatar
    Join Date
    Aug 2006
    Location
    Ankh-Morpork
    Posts
    13,816
    Quote Originally Posted by rewind
    Well, it's going to be used to email the form somewhere? not stored.
    So now you need to ask yourself (or your business analysts, etc.):
    (1) What bad things happen if the user accidentally enters an invalid address (one that for any reason cannot reach an actual e-mailbox)?
    (2) What bad things happen if the user intentionally (or accidentally, for that matter) enters someone else's email address? *

    The answers to these and any other similar questions you might think of will help you decide how you want to go about validating it.
    __________
    * As a pretty bad case: imagine if this is a porn-related site, and you periodically send out explicit ads to the registered email addresses, and the user intentionally or accidentally enters a real address for someone else, who happens to be under-age.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be." ~ from Nation, by Terry Pratchett

    "But the main reason that any programmer learning any new language thinks the new language is SO much better than the old one is because he’s a better programmer now!" ~ http://www.oreillynet.com/ruby/blog/...ck_to_p_1.html


    eBookworm.us

  13. #13
    Senior Member traq's Avatar
    Join Date
    Jun 2011
    Location
    so.Cal
    Posts
    949
    Quote Originally Posted by NogDog
    * As a pretty bad case: imagine if this is a porn-related site, and you periodically send out explicit ads to the registered email addresses, and the user intentionally or accidentally enters a real address for someone else, who happens to be under-age.
    As an even worse case, imagine they entered billy@email.com, joey@email.com, sally@email..., etc., etc.

  14. #14
    Settled 4 red convertible dalecosp's Avatar
    Join Date
    Jul 2002
    Location
    Accelerating Windows at 9.81 m/s....
    Posts
    7,618
    or "email-server-list@fbi.gov", "members@house.gov", etc...
