Email address validation

[killboy]

Well, it's not a problem, it's just in case that anyone could need it.The regular expression is

/^[A-Za-z][A-Za-z0-9_.]*@[A-Za-z0-9_]+\.[A-Za-z0-9]+\.?[A-Za-z0-9]*$/

I think it evaluates everything:1)The name must begin with a letter2)After that, the name can have letters, numbers, dots or underlines.3)It must have an "@"4)The domain may contain letters, numbers and underlines5)There must be only one dot6)After the dot there only may be letters or numbers.7)It can also be given the case that the domain ends with something like ".com.co"I think those are all the considerations to have in mind. If there's any improvement or something I missed, please post it.

[boen_robot]

If you have PHP 5.2.0 or higher, you can use the bundled "filter" functions to do this, like:

var_dump(filter_var('bob@example.com', FILTER_VALIDATE_EMAIL));

In theory at least (haven't done any tests), this is faster than regular expression check, since the actual check algorithm is compiled beforehad.For more information, see the filter functions, and be sure to also check the filter constants to see what other things you can validate and/or filter.[edit]Oh wait... we're talking about JavaScript here... well... I'd prefer to send an HTTP request to a PHP script that would do the validation. At the same time, you may check if the email adress is already present in your DB (if you need it to be unique).[/edit]

[Ingolme]

Well, it's not a problem, it's just in case that anyone could need it.The regular expression is

/^[A-Za-z][A-Za-z0-9_.]*@[A-Za-z0-9_]+\.[A-Za-z0-9]+\.?[A-Za-z0-9]*$/

I think it evaluates everything:1)The name must begin with a letter2)After that, the name can have letters, numbers, dots or underlines.3)It must have an "@"4)The domain may contain letters, numbers and underlines5)There must be only one dot6)After the dot there only may be letters or numbers.7)It can also be given the case that the domain ends with something like ".com.co"I think those are all the considerations to have in mind. If there's any improvement or something I missed, please post it.

You forgot one thing: the domain may contain letters, numbers, underscores and hyphens ( - )

[Jesdisciple]

Correct me if I'm wrong, but I think this is more accurate, even if the additional allowed cases have an absurd amount of subdomains...

/^[A-Za-z][A-Za-z0-9_.]*@[A-Za-z0-9_]+(\.[A-Za-z0-9]+)+$/

[jesh]

5)There must be only one dotI think those are all the considerations to have in mind. If there's any improvement or something I missed, please post it.

Keep in mind that this is not a valid email address (but your expression would say that it is):someone.@somewhere.com

[jeffman]

Seriously, now. We just had this conversation. I think it needs a philosophy. Fact is, unless you also use one of those fancy server-side checkers, you'll never know if the address is REAL. All you can do is make sure it fits a pattern. So if you let through a .museum domain because you allow six chars after the dot, you also let through mickey.mouse@disney.gork . So what? Get as close to perfect as you want, but don't obsess, because a determined creep will always get through.Put some extra energy into a routine for handling the bounces.FWIW

[killboy]

Correct me if I'm wrong, but I think this is more accurate, even if the additional allowed cases have an absurd amount of subdomains...

/^[A-Za-z][A-Za-z0-9_.]*@[A-Za-z0-9_]+(\.[A-Za-z0-9]+)+$/

I haven't tried that one, but I think your expression would let something like something@domain..com; mine doesn't

[Jesdisciple]

No, it would require at least one alphanumeric character between the dots; this must match at least once, taken from your original:

(\.[A-Za-z0-9]+)

[aalbetski]

I may as well throw my attempt in

/^[A-Z]\w*@\w*?\.\w{1,4}$/i

[killboy]

Yours doesn't let dots (.) in the name e.g. (me.158@........)Doesn't let domains like (me@domain.org.com)

[aalbetski]

now it does

/^[A-Z][\w.]*@[\w.]*$/i

[justsomeguy]

Wouldn't that say "A@" is a valid email? It would also say "A......@......" is valid.

[Jesdisciple]

Yeah, following the standard perfectly will be really hard. I think the best idea is to validate in JS only to prevent typos.

According to RFC 2822, the local-part of the e-mail address may use any of these ASCII characters:

• Uppercase and lowercase letters
• The digits 0 through 9
• The characters ! # $ % * / ? | ^ { } ` ~ & ' + - = _
• The character . provided that it is not the first nor last character in the local-part, nor may it appear two or more times consecutively.

[aalbetski]

try this one, uses negative lookahead to prevent doubled (or more) dots and requires something after the @

/^[A-Z](\w|\.(?!\.))*@(\w|\.(?!\.))+$/i

[aalbetski]

still a little more robust, uses positive lookbehind to only allow letters and numbers and the underscore as the last character before the @, only allows letters and numbers as the very last character

/^[A-Z](?:\w|\.(?!\.))+(?<=[A-Z0-9_])@(?:\w|\.(?!\.))+(?<=[A-Z0-9])$/i

[aalbetski]

i have to admit, I got a little obsessed with this

/^[A-Z](?:\w|\.(?!\.))*(?<=[-A-Z0-9_])@(([-A-Z0-9_]+)(\.?(?!\.)))+?(?<=\.[-.A-Z0-9]+)(?<=[-A-Z0-9]{2,})$/i

Other valid characters can be added to the char class as need.I'm done

[Synook]

By the way, if you really want to validate the email address (and have access to a server-side language) then you can use e.g. the http://au.php.net/manual/en/ref.exec.php program execution functions to execute a shell command to attempt to connect to that mail server, and see what it returns. Then someone could never enter an invalid email address.

[justsomeguy]

You could probably just use fsockopen to do that. I'm sure someone out there has already built a script to do something like get the MX record for a domain. You would need to do a lookup to get the MX record and then try to connect to that server. You might even be able to send it the username and see if that exists, I'm not sure if you can do that with a mail server though, I haven't messed with SMTP much. There's something like that here:http://www.joemarini.com/tutorials/tutoria...omainexists.phpThere's a small problem with that script though, not all domains have MX records but can still receive email. Most of them do, but not all of them. I found another library available online for $119 that can catch that scenario and still validate, and it will also check the username and look for an error. That one isn't free though.But that way you don't have to validate anything, you just look up the DNS records for the domain (PHP has a function to do that, I wasn't aware of that). If the DNS records don't exist then the domain doesn't exist.

[killboy]

It doesn't really matter whether or not the email exists. The target of the topic is to validate its syntax using regular expressions, in JavaScript, so any user can validate without too much knowledge or AJAX.

[Jesdisciple]

Do not rely exclusively on JavaScript validation! JavaScript only has the power to suggest what the browser should do; the user can modify it at will. Server-side validation is essential.

[boen_robot]

By the way, if you really want to validate the email address (and have access to a server-side language) then you can use e.g. the http://au.php.net/manual/en/ref.exec.php program execution functions to execute a shell command to attempt to connect to that mail server, and see what it returns. Then someone could never enter an invalid email address.

Why bother going that far when you can use PHP's filter, as I have in my first post?

It doesn't really matter whether or not the email exists. The target of the topic is to validate its syntax using regular expressions, in JavaScript, so any user can validate without too much knowledge or AJAX.

Is there that much to knowing AJAX?

email.onchange = function(e) {    var xmlHttp = window.XMLHttpRequest ? new XMLHttpRequest : (window.ActiveXObject ? new ActiveXObject("Microsoft.XMLHTTP") : null);    if (xmlHttp == null) {        return true;//If XHR is not supported, do not validate on the client side. Assume valid, and let the server take care for it on submission.    }    xmlHttp.open("GET", "?email="+e.nodeValue, true);//Send a GET request (containing only the email to validate) to the PHP file    xmlHttp.send(null);    xmlHttp.onreadystatechange = function() {        if(xmlHttp.readyState == 4) {//Analyze the output from the PHP file.            //Here approaches can vary.            //For simplicity, I assume "OK" to be outputted by PHP when the email is valid.            //In a real world applicaiton, I'd probably use the status code as an indicator,            //and make PHP return 403 when the email is wrong, and an empty 200 when OK.            if (xmlHttp.responseText != 'OK') {                //Email is invalid. Take action!                return false;            }        }    }}