email validation and send email in php

safiVA

Hi,

I am trying to validate email then send the email if correct email. Below code is not working for me.

any help?

Thanks.

<?php
$errors = '';
$myemail = 'example@example.com';
if(empty($_POST['name']) ||
empty($_POST['email']) ||
empty($_POST['message']))
{
$errors .= "\n Error: all fields are required";
}
$name = $_POST['name'];
$email_address = $_POST['email'];
$message = $_POST['message'];
if (!preg_match(
"/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i",
$email_address))
{
$errors .= "\n Error: Invalid email address";
}
Else
mail("example@example.com", "$subject", $message, "From:" . $email);
echo "Thank you for using our mail form";

?>

--i entered invalid email address but it cant verify that it is invalid. i was expecting error message. if valid email, then just send the email.

Thanks.

Derokorian

you should use filter_var($email_address,FILTER_VALIDATE_EMAIL) filter_var()

bradgrafelman

Derkorian's suggestion is one I was going to make as well; your regular expression rejects perfectly valid e-mail addresses like [noparse]foo+bar@example.com[/noparse] and generally doesn't follow the RFC that dictates what is or isn't a valid e-mail address.

Other than that, however, what do you ever do with the $errors variable if an error does occur?

sneakyimp

Your code is full of mistakes. You define $myemail and then never use that var again. You define $name and never use that either.

Then you call the mail function to send mail to a fake email address using variables you have not previously defined:

mail("example@example.com", "$subject", $message, "From:" . $email);

You are probably sending a lot of junk email to some poor bastard whose email address is example@example.com that has no $subject and no From address because you never bothered to define $email.

Perhaps most importantly, the script you are writing is easily an open relay that can be abused by any spam sender on the internet to send whatever message they want to whomever they like using header injection (q.v.).

Weedpacket

sneakyimp wrote:
You are probably sending a lot of junk email to some poor bastard whose email address is example@example.com

example.com is the correct domain to use (see example.com). It's the people who use "mydomain.com" as their example domain you should be talking to.

johanafm

While filter_var usually does a better job than most home cooked reg exps, it still doesn't properly accept valid email addresses. If you want to do it properly, find an RFC compliant validator to do the job for you.

bradgrafelman

johanafm;10994877 wrote:
While filter_var usually does a better job than most home cooked reg exps, it still doesn't properly accept valid email addresses.

Any chance you could give a few examples?

bradgrafelman

Weedpacket;10994839 wrote:
example.com is the correct domain to use (see example.com).

Not only that, but you might notice this as well:

Last edited by bradgrafelman; Today at 08:34 AM. Reason: PHP bbcode tags added, email address obfuscated

johanafm

bradgrafelman;10994898 wrote:
Any chance you could give a few examples?

Well, perhaps I was too quick to comment and they have finally fixed it all. It has been a long while since I checked.

As I recall, comments, folding, top level domain as well as some of the non-alphabetical characters that should require no quoting are all reported as invalid.

PsyNor

filter_var() only solves half of the validation problem because it fails on multi-byte. You have to create a punycode string that you validate with filter_var().

I suggest you check out PHP's idn_* functions