09-29-2007, 08:03 PM
|
#17 (permalink)
|
|
Moderateur
Join Date: Apr 2007
Posts: 1,239
Thanks: 3
|
Quote:
Originally Posted by Village Idiot
Understand one thing about my coding, im all about security, it bothers me to have an insecure script. But I am also concerned about simplicity, I never use complicated code where simpler code will do. The simplest way is to use an email validation command, that way you see if its a valid email and it wont let an attack in.
PHP Code:
function checkEmail($email) {
if (!preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9\._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9\._-] +)+$/" , $email)) {
return false;
}
return true;
}
</span> |
Why not just go with:
PHP Code:
// Changed function name because true/false makes no sense
// with a function called "checkEmail"
function isValidEmail($szEmail) {
static $szPattern = '/^[a-z0-9][a-z0-9._-]*@[a-z0-9_-][a-z0-9._-]+$/i';
return (bool) preg_match($szPattern, $szEmail);
}
Is 0@-- a valid email address? (Really, I don't know for sure.)
__________________
salathe@php.net
|
|
|
|