I have a question in regards to $SERVER['SERVER_NAME'] or $SERVER[HOST']. I want to validate email addresses to try and prevent injection. According to this code, if the email address a malicious perso would try to inject is not of the same domain that the script is installed on, then it will give the message "Invalid Email Address".

I have come up with the following code:

<?php

$domref = $_SERVER['SERVER_NAME'];
$to = 'john@dough.com';
$host = $_SERVER['HTTP_HOST'];


list($user, $maildomain) = split("@", $to);
list($w, $domain) = split("www.", $domref);

if ( $domain == $maildomain ) {
$bob = 'Valid Email Address';
} else {
$bob = 'Email Address Invalid';
}

echo 'The email username is ' , "$username <br>";
echo "<br>";
echo 'The email domain is ' , "$maildomain <br>";
echo "<br>";
echo "This website is $domref or $domain <br>";
echo "<br>";
echo "The host is $host <br>";
echo "<br>";
echo "$bob";

?>

I already know that some of that code is kind of repeating itself as well as I need to write extra coding to fuly perform the rejection action that one would use in a form processing script. I only created some of the extra echo coding to see the differance between $SERVER['SERVER_NAME'] and $SERVER['HOST] as well as a way for me to see that the script is performing the functions I want it to do.

My question is that is there a way to get the host/domain of the website the script is on, but without the WWW part. I have tried both the SERVER_NAME and HOST. I still get www.mywebsite.com. The only workaround I can think of is to split the information as I have done in this script.

Thanks

    Well usually we have this kind of setup in our virtual hosts section(apache):

    ServerName www.mywebsite.com
    ServerAlias mywebsite.com

    $SERVER['SERVER_NAME'] will give you the servername that is put in the webserver.
    $    SERVER['HTTP_HOST'] gives you the actual domainaddress that was used. So if you are using mywebsite.com/index.php it will give you myswebsite.com and with www subdomain it shows you the domain with www 🙂

    So use your split or even better, use preg_replace to get rid of www:

    $domain =  preg_replace('/^www\./','',$_SERVER['HTTP_HOST']);

      Is there a functional preferance of split() over preg_replace? That is, does one work better over the other?

        PHP manual is your friend and bible 🙂

        Go to http://www.php.net. Theres the function search that you can use.
        I would prefer the preg_replace. It strips the "www." from the beginning.

          Write a Reply...