php PHP电子邮件验证功能
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2146331/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP email validation function
提问by Brian
Is there an equivalent to mysql_real_escape_string() for email injection? I have a form where the user submits their email. I am afraid that someone could insert a comma separated list of emails and use my site for spamming.
是否有相当于 mysql_real_escape_string() 的电子邮件注入?我有一个用户提交电子邮件的表单。我担心有人会插入一个逗号分隔的电子邮件列表,并使用我的网站发送垃圾邮件。
回答by Gumbo
You can use filter_varto validate the e-mail address:
您可以使用filter_var来验证电子邮件地址:
if (!filter_var($address, FILTER_VALIDATE_EMAIL)) {
// invalid e-mail address
}
回答by mauris
Simply validate the field against a commonly found regular expression for single email address
只需根据单个电子邮件地址的常见正则表达式验证该字段
function validate_email($e){
return (bool)preg_match("`^[a-z0-9!#$%&'*+\/=?^_\`{|}~-]+(?:\.[a-z0-9!#$%&'*+\/=?^_\`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$`i", trim($e));
}
回答by TheBlackBenzKid
For those with older versions
对于那些使用旧版本的人
/*
# PHP Email Validation for versions LESS than PHP 5.2.0)
*/
$strEmail= mysql_real_escape_string($_POST['email_e']);
if (!eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $strEmail)){
// valid email
} else {
// not a valid email
}
回答by Tomas
I found that good email validation is not that simple, so just decided to check if "@" and "." is in the string.
我发现好的电子邮件验证并没有那么简单,所以决定检查“@”和“。” 在字符串中。
function email_valid($email){
/* EMAIL VALIDATION, CHECKS IF STRING CONTAINS "@" and "." */
if( strpos($email, "@") AND strpos($email, ".") ){
return TRUE;
}
else {
return FALSE;
}
}
P.S. if you don't use PDO prepared statements for writing to database, BE SURE to filter out symbols which may cause sql injection
PS 如果你不使用 PDO 准备语句写入数据库,一定要过滤掉可能导致 sql 注入的符号
回答by Weedy101
It would be simpler to check the total string length - ie local part max 64 + the @ + domain section max 255 characters = 320 characters, but then spamming short addresses would still be possible. I am currently researching email validation for my project and found this interesting article email validationwhich explains in-depth valid email addresses and the rfc2822. There they suggest a much simpler way to validate that would prevent comma separated lists being an effective form of spamming.
检查总字符串长度会更简单 - 即本地部分最大 64 + @ + 域部分最大 255 个字符 = 320 个字符,但仍然可以发送垃圾邮件短地址。我目前正在研究我的项目的电子邮件验证,并发现了这篇有趣的文章电子邮件验证,它深入解释了有效的电子邮件地址和 rfc2822。他们提出了一种更简单的验证方法,可以防止逗号分隔列表成为有效的垃圾邮件形式。
$isValid = true;
$atIndex = strrpos($email, "@");
if (is_bool($atIndex) && !$atIndex)
{
$isValid = false;
}
else
{
$domain = substr($email, $atIndex+1);
$local = substr($email, 0, $atIndex);
// ... work with domain and local parts
}
This simply breaks the email address down by finding the last @ sign and declares all that passes before it to be the local part of the address which has a limit of 64 characters. If there is no @ sign then strrpos will return a bolean value of false. I will be making use of this in my validation function.
这只是通过找到最后一个@ 符号来分解电子邮件地址,并将其之前通过的所有内容声明为地址的本地部分,该部分限制为 64 个字符。如果没有 @ 符号,那么 strrpos 将返回一个布尔值 false。我将在我的验证功能中使用它。
回答by Dave Sherohman
If your primary concern is, as the question states, to verify that users have not attempted to trick you into spamming for them by entering a comma-separated list of addresses, then isn't the obvious answer to simply check whether there are any commas in the user's input?
如果您的主要关注点是,如问题所述,验证用户没有试图通过输入逗号分隔的地址列表来欺骗您为他们发送垃圾邮件,那么简单地检查是否有任何逗号并不是显而易见的答案在用户的输入中?
