Even better; ditch the regex and send a "verification" e-mail to the address provided. If this is for an account registration, then don't flag the account as active/valid until the (unique and hard to guess) URL in the e-mail has been visited.

The reason I say this is because it's going to be nearly impossible to find a single regexp pattern than can validate the various e-mail addresses in existence today with 100% reliability. Simply sending out a verification e-mail, however, is a reliable method.

You are right. I will do that, but it will take a while to implement on a lot of pages. The regex is on one page in a function. Will the second one above let email addresses like:
me.you@we.com through, while protecting against obviously bad emails.

if you have the ext installed, the FILTER_VALIDATE_EMAIL is great

I remember Nog Dog posting this link. At the bottom of the page, there is a 'simplified' version of an email parser. Throughout the page, the author explains things as he goes (it is admittedly a bit of a difficult read).

Depending on how deep you want to go, there is a download link that the bottom of that page that points to a full fledged RFC 3696 parser (be warned, it's a large chunk of code - in part due to comments).

You can view this list of examples of what the different parsers match (the most right hand column is the one you want (RFC 3696)). As you can see, things can get large and complex, but it is do-able.

As for me, I don't even bother with trying to validate emails using regex. I prefer to use a more 'loose' validation system by using filter_var() in conjunction with flags like FILTER_SANITIZE_EMAIL and FILTER_VALIDATE_EMAIL. It isn't a super strict system, but not too loose that it will allow anything as an email address.

Just checking how to replace preg with filter var

function validate_email($the_email)
{

if (filter_var($the_email,VALIDATE_EMAIL))
{
return true;
}
else
{
return false;
}

Will that work?

You can have a look at Nog's site, including an update as well.

As for me, I simply went with:

function validate_email($the_email){
	return(filter_var(filter_var($the_email, FILTER_SANITIZE_EMAIL),FILTER_VALIDATE_EMAIL))? true : false ;
}

It's far from bulletproof, then again, it isn't meant to be. I'm not storing stuff in databases for mass emailing or anything like that (It's just so I can see the email address of the sender when someone email's me through my site), so for me personally, I prefer the 'relaxed' system.. but while I haven't tried Nog's solution, it may be something worth looking into (including the update of course) if you need something more strict.

As for making sure that someone at least enters a validly constructed e-mail address that you can send a verification e-mail to, I use the following:

if(eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $_POST['email'])){
        echo "valid e-mail address!";
} else {
        echo "invalid e-mail address!";
}

It will accept those addresses with periods in the prefix...

@

I would use preg (part of PCRE - Perl Compatible Regular Expressions) instead of ereg (which is POSIX), as PHP 6 will no longer have POSIX included within the core by default. So it's best to future proof your code.

And even then, if going for the more strict/controlled validation method, I would still recommend using either Nog Dog's code in his email validation post (previous post links) or iamcal's (provided in my first response).

The problem with that is it also allows the email address to start with a period (.)

I ended up with this, which solved my problem with the allowing the periods, but it also allows the email address to start with a period:

preg_match('/^{([0-9][A-z0-9-].?)[A-z0-9-]+[@][A-z0-9-]+([.][A-z0-9-]+)*[.][A-z]{2,4}$/',$the_email)}

I decided to go with the FILTER_VALIDATE_EMAIL option