PHP email validation function [duplicate]

This question already has answers here: How to validate an Email in PHP? 开发者_StackOverflow社区 (7 answers) Closed 8 years ago.

Is there an equivalent to mysql_real_escape_string() for email injection? I have a form where the user submits their email. I am afraid that someone could insert a comma separated list of emails and use my site for spamming.

---

You can use filter_var to validate the e-mail address:

if (!filter_var($address, FILTER_VALIDATE_EMAIL)) {
    // invalid e-mail address
}

---

Simply validate the field against a commonly found regular expression for single email address

function validate_email($e){
    return (bool)preg_match("`^[a-z0-9!#$%&'*+\/=?^_\`{|}~-]+(?:\.[a-z0-9!#$%&'*+\/=?^_\`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$`i", trim($e));
}

---

For those with older versions

/*
    # PHP Email Validation for versions LESS than PHP 5.2.0)
*/
$strEmail= mysql_real_escape_string($_POST['email_e']);
if (!eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $strEmail)){

        // valid email

        } else {

        // not a valid email
}

---

If your primary concern is, as the question states, to verify that users have not attempted to trick you into spamming for them by entering a comma-separated list of addresses, then isn't the obvious answer to simply check whether there are any commas in the user's input?

---

I found that good email validation is not that simple, so just decided to check if "@" and "." is in the string.

function email_valid($email){
    /* EMAIL VALIDATION, CHECKS IF STRING CONTAINS "@" and "."  */

    if( strpos($email, "@") AND strpos($email, ".") ){
        return TRUE;
    }
    else {
        return FALSE;
    }
}

P.S. if you don't use PDO prepared statements for writing to database, BE SURE to filter out symbols which may cause sql injection

---

It would be simpler to check the total string length - ie local part max 64 + the @ + domain section max 255 characters = 320 characters, but then spamming short addresses would still be possible. I am currently researching email validation for my project and found this interesting article email validation which explains in-depth valid email addresses and the rfc2822. There they suggest a much simpler way to validate that would prevent comma separated lists being an effective form of spamming.

$isValid = true;
$atIndex = strrpos($email, "@");
if (is_bool($atIndex) && !$atIndex)
{
   $isValid = false;
}
else
{
   $domain = substr($email, $atIndex+1);
   $local = substr($email, 0, $atIndex);
   // ... work with domain and local parts
}

This simply breaks the email address down by finding the last @ sign and declares all that passes before it to be the local part of the address which has a limit of 64 characters. If there is no @ sign then strrpos will return a bolean value of false. I will be making use of this in my validation function.